Learn how to install, configure, and maintain TheHive for analysts.
Alert Management
Efficiently manage alerts with a dedicated and detailed Alert page. Make comments, identify similar alerts, define custom statuses and fields, and decide on escalation to investigations or incident response.
Case Management
Streamline case creation with associated tasks and observables. Identify related cases and alerts, set PAP (Permissible Actions Protocol) levels on each Observable, and enhance Incident Response using a flexible template engine.
Multi-Tenant Environments
Define organizations and teams for collaborative work. Customize permissions and roles to isolate or share cases between organizations.
Advanced User Management
Customize user profiles and assignments within organizations. Synchronize users via LDAP or AD for streamlined management.
Notifications Framework
Set up notification rules to trigger webhooks, emails, Slack/Mattermost messages, or custom HTTP requests based on specified events.
Metrics and Dashboards
Utilize dynamic dashboarding to compile and correlate case statistics, tasks, observables, and metrics for generating KPIs and MBOs.
Comprehensive APIs
Access fully documented APIs for implementing workflows and developing automated scripts using TheHive data.
MISP Integration
Seamlessly import and share Indicators of Compromise with MISP. Collaborate by connecting TheHive with MISP to enhance threat intelligence sharing.
MITRE ATT&CK Integration
Incorporate MITRE ATT&CK Framework TTPs into alert management. Import tactics and techniques into cases or alerts, or export to MISP events for broader threat analysis.
Case Reporting
Generate detailed incident reports in Markdown, DOCX or PDF format. Customize report templates based on content requirements and target audience.
Knowledge Base
Centralize policies, procedures, best practices, and guidance within the in-app 'wiki' for quick access and support during incident response.
Timeline
Track incident progression with a comprehensive timeline view. Capture events from detection to resolution, providing insights into the incident response process.