Export a Case to MISP#
Manually export a case from TheHive to the Malware Information Sharing Platform (MISP) to share your investigation results with the community.
Only observables marked as indicators of compromise (IOCs) are exported in the case. Once exported to MISP, any updates to the case IOCs is automatically synchronized with MISP, requiring no manual intervention.
Requirements
The MISP server you want to share your case with must be configured with either the Import and export or Export only purpose. If it’s configured for Import and export, TheHive automatically creates alerts with the Imported status once the events linked to the IOCs you shared to MISP are published.
MISP actions required
The event created in MISP isn't published by default. You must review it and update its status in MISP to publish it.
Procedure
-
Locate the case you want to export.
-
In the case, select the Export button.
-
Select the relevant servers in the Export to MISP section.
-
Select Export.