TrustRadius: an HG Insights company

TheHive

Score: 9.7 out of 10

2 Reviews and Ratings

What is TheHive?

TheHive is a collaborative security case management platform that integrates with security tools such as SIEM, EDR, threat intelligence platforms and more, enabling security teams to manage alerts, conduct investigations and respond to incidents from a single interface.

The platform works in conjunction with Cortex, an open-source engine also developed by StrangeBee, to automate observable enrichment and response actions through an extensive library of analyzers and responders.

Today, TheHive boasts 3500+ users worldwide, enabling them to centralize, automate and scale security operations and incident response across multiple teams, environments or clients.

Screenshots

Screenshot of Alert Management: Go through your dedicated and detailed Alert page, make comments, identify similar Alerts, define custom statuses and fields. Then decide whether or not they should be escalated to investigations or to incident response.
Screenshot of Case Management: Create cases and associated tasks and observables. Identify similar cases and alerts, define the PAP (Permissible Actions Protocol) level on each Observable, or improve your Incident Response process using a simple yet powerful template engine.
Screenshot of Multi Tenant Environments: Define the different organizations and teams and get them to work in a dedicated or collaborative mode: tenants' cases can be isolated or investigated by users from different organizations based on customizable roles and permissions.
Screenshot of User Management: Define and customize user profiles, assign them to users within their organizations and synchronise them via LDAP or AD.
Screenshot of Metrics and Dashboards: Compile and correlate statistics on cases, tasks, observables, metrics and more to generate useful KPIs and MBOs with our dynamic dashboard engine.
Screenshot of MISP Integration: Get shared Indicators of compromise quickly imported and ready to use or share yours easily with your communities by connecting TheHive with MISP.
Screenshot of MITRE ATT&CK Framework Integration: Import all of the MITRE ATT&CK Framework TTPs to TheHive Alert management. Import Tactics and Techniques of a particular Case or Alert or simply export them to a MISP event.
Screenshot of the Notification Framework: In addition to invoking Webhooks, send emails, Slack and Mattermost messages or call custom HTTP requests (JIRA, ServiceNow, QRadar...)

Technical Details

Deployment Types: On-Premise, SaaS
Operating Systems: Windows, Linux
Mobile Application: No
Supported Languages: English, French, Italian, German, Dutch, Spanish, Portuguese, Polish, Swedish, Chinese, Japanese, Arabic

FAQs

What is TheHive?
TheHive is a collaborative case management platform that helps security teams centralize, structure, speed up and scale their alert management, investigations and incident response.
What are TheHive's top competitors?
Swimlane, Splunk SOAR, and ServiceNow Security Operations are common alternatives for TheHive.
Who uses TheHive?
The most common users of TheHive are from B2C.