Select Sidearea

Populate the sidearea with useful widgets. It’s simple to add images, categories, latest post, social media icon links, tag clouds, and more.

I tuoi dati personali verranno utilizzati per supportare la tua esperienza su questo sito web, per gestire l'accesso al tuo account e per altri scopi descritti nella nostra privacy policy.

GMail to TheHive (using Google script)

GMail to TheHive (using Google script)

Usually into the company where we act as security operation we found a mailbox named irt,cert,csirt ecc where all indicidents arrives and it’s used also to communicate with users.

With new (good!) policies it’s no more possibile to connect using IMAP to account mail so we’re not able to retrieve incidents.

Into this account we normaly found:

  • antivirus notification
  • antispam/phishing alert
  • firewall / IPS alert
  • SIEM alert
  • incident notification from various source (also human)

So we’ve developed a script using Google script that send to our TheHive (incident response platform) every message that come into mailbox.

By using content in subject and body it can detect the case template (Phishing, Antivirus, Vulnerability, locked account..) and import all observables like IP, URL, DOMAIN, HASH to be analyzed with Cortex

To detect also the entired thread and replies from users it use reference header to link at the same case.

Bellow an example of the results:

TheHive cases dashboard

Project are available at and we’re happy to support other SOC to implement this solution.

For who needs support write to

We’re using this connector to manage automatically this alerts:

  • Office365 native Phishing notification
  • KnowBe4 Phishing notification
  • Proofpoint alert
  • Sophos XG and InterceptX notification
  • AlienVault SIEM alarm
  • MalwareBytes Nebula incidents
  • TrendMicro antivirus notification
  • Office365 security notification
  • Workspace security notification
  • Cisco Umbrella alert
  • ServiceNow ticket