Skip to content

How to Export a Case to MISP#

This topic provides step-by-step instructions for exporting a case to MISP in TheHive.

Only observables marked as IOCs will be exported in the case. Once exported to MISP, any updates to the case IOCs will be automatically synchronized with MISP, requiring no manual intervention.

Manual export to MISP only

You must manually export cases to MISP, as each case requires individual review.

MISP actions required

The event created in MISP is not published by default. You must review it and update its status in MISP to publish it.

Procedure#

  1. Locate the case you want to export.

  2. In the case description, select the Export button.

    Export a case

  3. Select the relevant servers in the Export to MISP section.

  4. Select Export.

Next steps#