We introduce TheHive, a security incident response platform used for collaboration and for exchanging incident information.

Highlights

TheHive Project is a scalable, open-source and freely available Security Incident Response Platform, designed to assist security analysts and practitioners working in SOCs, CSIRTs and CERTs to track, investigate and act upon identified security incidents in a swift and collaborative manner.

Security analysts can collaborate on investigations simultaneously, ensuring that real-time information about new or existing cases, tasks, observables and IOCs is available to all team members.

More information about the project can be found on https://thehive-project.org/ and in their GitHub repository.

Room Answers

Which open-source platform supports the analysis of observables within TheHive?

Cortex


Which pre-configured account cannot manage any cases?

Admin

Which permission allows a user to create, update or delete observables?

manageObservable


Which permission allows a user to execute actions?

manageAction


Where are the TTPs imported from?

MITRE ATT&CK

According to the Framework, what type of Detection “Data source” would our investigation be classified under?

Network Traffic

Upload the pcap file as an observable. What is the flag obtained from https://MACHINE_IP//files/flag.html?

THM{FILES_ARE_OBSERVABLES}

About the Author

I create cybersecurity notes, digital marketing notes and online courses. I also provide digital marketing consulting including but not limited to SEO, Google & Meta ads and CRM administration.