Sending alerts of OpenSearch to TheHive


I use an OpenSearch/OpenSearch Dashboards/Kibana/Logstash/Wazuh and MISP, TheHive etc. architecture.

Note that MISP and TheHive collect their data in ElasticSearch.

My goal is to be able to transfer Wazuh alerts, and therefore those posted on OpenSearch, to TheHive so that they can be analyzed.

I didn’t find on the internet how to do it, except maybe using Sigma.

Thanks in advance!

I’m not really familiar with TheHive but can you give an example where you’re getting stuck and what you’ve tried already?

I know the team behind TheHive, we can ask them about OpenSearch support. I know they are running a SaaS now, so I’m sure the licenses of ElasticSearch are an issue for them. Let me know if you want me to do that @searchymcsearchface

Thanks @jkowall. I think any support for OpenSearch is a net good (especially if it helps folks like @Lynow).

One note, I don’t think any engineers on my side can actually touch their code as it’s AGPL, but glad to answer questions and provide other help.

Was there any further discussion with TheHive about OpenSearch support?