TheHive Technical Documentation
Learn how to install, configure, and maintain TheHive for analysts.
Getting Started Download TheHiveFeatures
-
Alert Management
Efficiently manage alerts with a dedicated and detailed Alert page. Make comments, identify similar alerts, define custom statuses and fields, and decide on escalation to investigations or incident response.
-
Case Management
Streamline case creation with associated tasks and observables. Identify related cases and alerts, set PAP (Permissible Actions Protocol) levels on each Observable, and enhance Incident Response using a flexible template engine.
-
Multi-Tenant Environments
Define organizations and teams for collaborative work. Customize permissions and roles to isolate or share cases between organizations.
-
Advanced User Management
Customize user profiles and assignments within organizations. Synchronize users via LDAP or AD for streamlined management.
-
Notifications Framework
Set up notification rules to trigger webhooks, emails, Slack/Mattermost messages, or custom HTTP requests based on specified events.
-
Metrics and Dashboards
Utilize dynamic dashboarding to compile and correlate case statistics, tasks, observables, and metrics for generating KPIs and MBOs.
-
Comprehensive APIs
Access fully documented APIs for implementing workflows and developing automated scripts using TheHive data.
-
MISP Integration
Seamlessly import and share Indicators of Compromise with MISP. Collaborate by connecting TheHive with MISP to enhance threat intelligence sharing.
-
MITRE ATT&CK Integration
Incorporate MITRE ATT&CK Framework TTPs into alert management. Import tactics and techniques into cases or alerts, or export to MISP events for broader threat analysis.
-
Case Reporting
Generate detailed incident reports in markdown, DOCX or PDF format. Customize report templates based on content requirements and target audience.
-
Knowledge Base
Centralize policies, procedures, best practices, and guidance within the in-app 'wiki' for quick access and support during incident response.
-
Timeline
Track incident progression with a comprehensive timeline view. Capture events from detection to resolution, providing insights into the incident response process.