Incident response guide - V1D1AN/S1EM GitHub Wiki
Incident response
TheHive / Cortex
With S1EM, you have tools like TheHive and Cortex for incident response.
When your alert arrives in TheHive:
You can click on Preview import to see the alert:
Click on Import.
Your case is created; click on Observables:
Select all observables (1), click on Selected observables (2), then click on Run analyzers (3):
Select the analyzers that you want and click on Run selected analyzers:
TheHive sends the observables to Cortex for analysis:
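The hand-off above (TheHive submits each observable to Cortex, Cortex returns a job whose report carries a summary of taxonomies) can also be driven and triaged by script, which is useful when a case has many observables or an analyzer fails silently. The following is an added example, not code from the S1EM wiki, TheHive or Cortex: it wraps the Cortex REST endpoints POST /api/analyzer/<id>/run and GET /api/job/<id>/waitreport in hypothetical helpers (build_run_request, run_analyzer, worst_level, triage), and it runs offline on a constructed set of job reports shaped like Cortex job JSON; the analyzer names, IP and domain in that sample are constructed.

```python
"""Added example: drive and triage the TheHive -> Cortex analysis step by script.

Not part of S1EM, TheHive or Cortex. The helper names are hypothetical; the
endpoints, the {"data","dataType","tlp"} request body and the job/report
layout are those of the Cortex 3 REST API. Only run_analyzer() touches the
network; everything else works on constructed sample data so it runs offline.
"""
import json
import urllib.request

# Cortex TLP values: 0 white, 1 green, 2 amber, 3 red. AMBER is a sensible
# default for observables lifted from a live case.
TLP_AMBER = 2

# Cortex taxonomy levels, ranked so the worst verdict wins.
LEVEL_RANK = {"info": 0, "safe": 1, "suspicious": 2, "malicious": 3}


def build_run_request(observable, tlp=TLP_AMBER):
    """JSON body for POST /api/analyzer/<analyzerId>/run (non-file observables)."""
    if observable["dataType"] == "file":
        # File observables are submitted as multipart form data, not JSON.
        raise ValueError("file observables need a multipart upload")
    return {"data": observable["data"], "dataType": observable["dataType"], "tlp": tlp}


def run_analyzer(base_url, api_key, analyzer_id, observable, at_most="60seconds"):
    """Submit one observable to one analyzer and block until its report is ready.

    Assumed deployment values: base_url like https://cortex.example.local:9001
    and a Cortex API key with the 'analyze' role. Not called by the offline demo.
    """
    headers = {"Authorization": f"Bearer {api_key}", "Content-Type": "application/json"}
    body = json.dumps(build_run_request(observable)).encode()
    req = urllib.request.Request(f"{base_url}/api/analyzer/{analyzer_id}/run",
                                 data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req) as resp:
        job = json.load(resp)
    # waitreport returns the job with its report once the analyzer has finished.
    req = urllib.request.Request(f"{base_url}/api/job/{job['id']}/waitreport?atMost={at_most}",
                                 headers=headers)
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def worst_level(job):
    """Highest taxonomy level in one Cortex job report ('info' when none is given).

    A job that did not succeed returns None: a failed analyzer must not be read
    as 'safe', which is the classic way a bad API key hides a malicious IoC.
    """
    if job.get("status") != "Success":
        return None
    taxonomies = job.get("report", {}).get("summary", {}).get("taxonomies", [])
    levels = [t.get("level", "info") for t in taxonomies]
    return max(levels, key=lambda lvl: LEVEL_RANK.get(lvl, 0), default="info")


def triage(jobs):
    """Fold all job reports into one verdict per observable plus a list of failed runs."""
    verdicts, failed = {}, []
    for job in jobs:
        key = (job["dataType"], job["data"])
        level = worst_level(job)
        if level is None:
            failed.append((job["analyzerName"], job["dataType"], job["data"]))
            continue
        current = verdicts.get(key)
        if current is None or LEVEL_RANK[level] > LEVEL_RANK[current]:
            verdicts[key] = level
    return verdicts, failed


# Constructed sample: what GET /api/job/<id>/waitreport returns for four runs.
SAMPLE_JOBS = [
    {"id": "job-1", "analyzerName": "AbuseIPDB_1_0", "status": "Success",
     "dataType": "ip", "data": "198.51.100.7",
     "report": {"success": True, "summary": {"taxonomies": [
         {"level": "malicious", "namespace": "AbuseIPDB", "predicate": "Records", "value": "12"}]}}},
    {"id": "job-2", "analyzerName": "MaxMind_GeoIP_4_0", "status": "Success",
     "dataType": "ip", "data": "198.51.100.7",
     "report": {"success": True, "summary": {"taxonomies": [
         {"level": "info", "namespace": "MaxMind", "predicate": "Location", "value": "US"}]}}},
    {"id": "job-3", "analyzerName": "VirusTotal_GetReport_3_0", "status": "Failure",
     "dataType": "domain", "data": "example.net",
     "report": {"success": False, "errorMessage": "Invalid API key"}},
    {"id": "job-4", "analyzerName": "CIRCLPassiveDNS_2_0", "status": "Success",
     "dataType": "domain", "data": "example.net",
     "report": {"success": True, "summary": {"taxonomies": []}}},
]

if __name__ == "__main__":
    verdicts, failed = triage(SAMPLE_JOBS)
    for (data_type, data), level in sorted(verdicts.items()):
        print(f"{data_type:8} {data:20} -> {level}")
    for analyzer, data_type, data in failed:
        print(f"RE-RUN   {analyzer} on {data_type} {data}")
```

The verdict per observable is the worst level reported by any analyzer, which matches how an analyst reads the coloured taxonomy tags on the observable in TheHive; failed jobs are listed separately so they can be re-run rather than dropped.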
CyberChef
CyberChef is an HTML page with several tools to help the analyst, such as conversion tools: