Install, configure & maintain TheHive up and running for analysts!Getting started Download TheHive!
Go through your dedicated and detailed Alert page, make comments, identify similar Alerts, define custom statuses and fields. Then decide whether or not they should be escalated to investigations or to incident response.
Create cases and associated tasks and observables. Identify similar cases and alerts, define the PAP (Permissible Actions Protocol) level on each Observable, or improve your Incident Response process using a simple yet powerful template engine.
Multi Tenant Environments
Define the different organizations and teams and get them to work in a dedicated or collaborative mode: tenants' cases can be isolated or investigated by users from different organizations based on customizable roles and permissions.
Advanced User management
Define and customize user profiles, assign them to users within their organizations and synchronise them via LDAP or AD.
Define notification rules to invoke Webhooks, send emails, Slack and Mattermost messages or call custom HTTP requests.
Metrics and dashboards
Compile and correlate statistics on cases, tasks, observables, metrics and more to generate useful KPIs and MBOs with our dynamic dashboard engine.
Get full access to documentated APIs to implement workflows or develop any automated scripts using TheHive data.
Get shared Indicators of compromise quickly imported and ready to use or share yours easily with your communities by connecting TheHive with MISP.
MITRE ATT&CK Integration
Import all of the MITRE ATT&CK Framework TTPs to TheHive Alert management. Import Tactics and Techniques of a particular Case or Alert or simply export them to a MISP event.