How to Export a Case to MISP#
This topic provides step-by-step instructions for manually exporting a case to MISP in TheHive.
This is useful if you want to share the results of your investigations with this open-source threat intelligence and sharing platform and contribute to the community.
Only observables marked as IOCs will be exported in the case. Once exported to MISP, any updates to the case IOCs is automatically synchronized with MISP, requiring no manual intervention.
Requirements
The MISP server you want to share your case with must be configured with either the Import and export or Export only purpose.
MISP actions required
The event created in MISP is not published by default. You must review it and update its status in MISP to publish it.
Procedure#
-
Locate the case you want to export.
-
In the case description, select the Export button.
-
Select the relevant servers in the Export to MISP section.
-
Select Export.