Hivelime is a comprehensive integration between TheHive and Sublime. Utilizing Sublime webhooks, Hivelime can be effortlessly configured to create alerts on TheHive!

• Triggered event (malicious email detection) is parsed and converted into an actionable TheHive alert with tags, observables;
• Request signing can be used if SUBLIME_SIGNING_KEY variable is provided;
• Observables have detailed tags to further analyze, filter or use in remediation step;
• Built with both Security and OPS in mind. HiveLime has small footprint, great performance on various workloads and easily deployable with minimal configuration;
• Tags can be provided in configuration to be appended to alerts created by HiveLime;
• Alert has a brief summary description with links to detection, flagged rules and important information.

• Parameters should be provided via environment variables. Please see docker-compose file.
• Run the app via docker or via simply ./hivelime
• HiveLime will listen http://SERVER_ADDRESS/sublime/event. Make sure to provide /sublime/event url resource to Sublime Webhook action configuration.

• Alert reference is first 8 chars of detection CanonicalID;

1. Check Releases section.

1. Make sure that you have a working Golang workspace.
2. go build .
   • go build -ldflags="-s -w" . could be used to customize compilation and produce smaller binary.

• docker pull ghcr.io/kaansk/hivelime

1. Edit config file or provide environment variables to commands bellow
2. docker build -t hivelime .
3. docker run -it hivelime

1. Edit environment variables and configurations in docker-compose file
2. docker-compose run -d

• Sublime Security
• Dockerfile Reference
• Release management with GoReleaser
• Delivr.to