After some months of using TheHive as our incident response platform, we are sharing a common use case: handling a phishing incident.
In this example we’re using:
- Office365 as the mail provider, with its native feature for reporting phishing messages
- Cisco Umbrella to detect who clicked and to blacklist the URL or domain
- TheHive as the platform for handling security incidents
- Our custom connector to enter cases into TheHive from mail messages