mihari v0.16 releases: a sidekick tool for TheHive for monitoring malicious hosts continuously

by do son · Published October 1, 2019 · Updated November 17, 2019

mihari

mihari is a sidekick tool for TheHive for monitoring malicious hosts (C2 / landing page/phishing, etc.) continuously.

How it works

mihari makes a query against Shodan, Censys, VirusTotal, SecurityTrails, etc. and extracts artifacts from the query results.
mihari checks whether a TheHive instance contains the artifacts or not.
- If it doesn’t contain the artifacts:
  - mihari creates an alert with the artifacts on the TheHive instance.
  - mihari sends a notification to Slack. (Optional)
  - mihari creates an event on MISP. (Optional)

You can use mihari without TheHive. But note that mihari depends on TheHive to manage artifacts. It means mihari might make duplications when without TheHive.

Installation

gem install mihari

Or you can use this tool with Docker.

docker pull ninoseki/mihari

Use

mihari supports Censys, Shodan, Onyphe, urlscan, SecurityTrails, crt.sh and VirusTotal by default.

TheHive alert example

Slack notification example

MISP event example

Tutorial

mihari v0.16 releases: a sidekick tool for TheHive for monitoring malicious hosts continuously

Search

Suggested Reading

BREAKING NEWS

TRENDING

Linux news