{"id":21346391,"url":"https://github.com/thehive-project/synapse","last_synced_at":"2025-07-12T17:30:45.529Z","repository":{"id":43367959,"uuid":"141409883","full_name":"TheHive-Project/Synapse","owner":"TheHive-Project","description":"Synapse: a Meta Alert Feeder for TheHive, a Security Incident Response Platform","archived":false,"fork":false,"pushed_at":"2022-12-08T02:50:28.000Z","size":1341,"stargazers_count":66,"open_issues_count":44,"forks_count":44,"subscribers_count":9,"default_branch":"master","last_synced_at":"2023-02-26T04:29:34.082Z","etag":null,"topics":["agplv3","alert","analyst","api","dfir","free","incident-response","investigations","microsoft-exchange","office365","open-source","orchestration","python3","qradar","qradar-offense","rest","security-incidents","thehive","thehive-project","workflow"],"latest_commit_sha":null,"homepage":"https://thehive-project.org/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/TheHive-Project.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":"code_of_conduct.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-07-18T09:07:51.000Z","updated_at":"2023-02-14T13:39:12.000Z","dependencies_parsed_at":"2022-07-07T16:57:34.184Z","dependency_job_id":null,"html_url":"https://github.com/TheHive-Project/Synapse","commit_stats":null,"previous_names":[],"tags_count":null,"template":null,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TheHive-Project%2FSynapse","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TheHive-Project%2FSynapse/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TheHive-Project%2FSynaps
e/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TheHive-Project%2FSynapse/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/TheHive-Project","download_url":"https://codeload.github.com/TheHive-Project/Synapse/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225829081,"owners_count":17530666,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agplv3","alert","analyst","api","dfir","free","incident-response","investigations","microsoft-exchange","office365","open-source","orchestration","python3","qradar","qradar-offense","rest","security-incidents","thehive","thehive-project","workflow"],"created_at":"2024-11-22T02:08:28.974Z","updated_at":"2024-11-22T02:08:29.444Z","avatar_url":"https://github.com/TheHive-Project.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"Synapse is a free, open source meta alert feeder that allows you to feed [TheHive](https://github.com/TheHive-Project/TheHive) from multiple alert sources at once.   \nIt leverages TheHive's API to automate case and alert creation. Thanks to Synapse, you can swiftly create cases or alerts in TheHive out of email notifications or SIEM events.\n\nCurrently, Synapse supports the following alert sources:\n\n- Microsoft Exchange\n- Microsoft O365\n- IBM QRadar  \n\n# Overview\n\nMost of the time, transforming a security event or a notification about a suspicious email requires several actions and conditions.  Synapse gathers those into workflows.   
\n\nIn order to have the most user-friendly application possible, we decided to put an API on top of these workflows.   That way, you execute only the workflow you are interested in by \"hitting\" the corresponding API endpoint.   \n\nThe following workflows are currently supported by Synapse:\n   * Case creation from email using Exchange Web Service \u0026 O365\n   * Alert creation from QRadar offenses\n\n![](docs/img/big-picture.png)\n\nFor a detailed explanation of each workflow, please have a look at the [workflows page](docs/workflows/README.md).   \n\n# Using Synapse\n\nThe [user guide](docs/user_guide.md) should contain all the information you need. In short:\n\n   1. Install dependencies\n   2. Fill in the config file\n   3. Execute: ```python3 app.py```\n\nWhile all operating systems running Python 3 can be used for Synapse, we recommend the use of Ubuntu.   \n\n# License\nSynapse is free and open source software released under the \n[AGPL](https://github.com/TheHive-Project/TheHive/blob/master/LICENSE) (Affero General Public License). \nWe, TheHive Project, are committed to ensuring that TheHive will remain a free and open source project in the long run.\n\n# Updates\nInformation, news and updates are regularly posted on [TheHive Project Twitter account](https://twitter.com/thehive_project) and on [the blog](https://blog.thehive-project.org/).\n\n# Contributing\nPlease see our [Code of conduct](code_of_conduct.md). We welcome your contributions. Please feel free to fork the code, play with it, make some patches and send us pull requests via [issues](https://github.com/TheHive-Project/Synapse/issues).\n\n# Support\nPlease [open an issue on GitHub](https://github.com/TheHive-Project/Synapse/issues) if you'd like to report a bug or \nrequest a feature. 
We are also available on [Gitter](https://gitter.im/TheHive-Project/TheHive) to help you out.\n\nIf you need to contact the project team, send an email to \u003csupport@thehive-project.org\u003e.\n\n# Community Discussions\nWe have set up a Google forum at \u003chttps://groups.google.com/a/thehive-project.org/d/forum/users\u003e. To request access, you need a Google account. You may create one [using a Gmail address](https://accounts.google.com/SignUp?hl=en) or [without it](https://accounts.google.com/SignUpWithoutGmail?hl=en).\n\n# Website\n\u003chttps://thehive-project.org/\u003e\n\n# Roadmap\n\n   * Closing QRadar offense after closing TheHive case or alert\n   * Scheduler to periodically execute workflows\n\n## Special Thanks\n\nKudos to [Erik Cederstrand](https://github.com/ecederstrand) for his amazing work on Exchangelib. \n\nWe also would like to thank the IBM team for providing a Python [QRadar API client](https://github.com/ibm-security-intelligence/api-samples) to the community.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthehive-project%2Fsynapse","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fthehive-project%2Fsynapse","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthehive-project%2Fsynapse/lists"}