Workflows

Synapse connects your security devices with TheHive to automate actions such as case creation or alert creation.
Thanks to its modular design, the list of connectable devices can easily be extended.

However, connecting a firewall and connecting a mailbox are two different things.
Beyond the technical differences, the two devices have totally different workflows: while an email may be marked as read, a firewall event may not.

That is why workflows need to be documented.

This section aims to detail workflows so analysts know what's happening under the hood.
Available workflows are:

  • Ews2Case
    • Creating cases from Microsoft Exchange emails.
  • QRadar2alert
    • Creating alerts from QRadar offenses.
    • Closing QRadar offenses from TheHive.