Security and Data Protection#
TheHive follows responsible security disclosure practices and implements specific data protection measures.
Responsible disclosure#
Our Responsible Vulnerability Disclosure policy and security advisories are available on our Security GitHub repository.
Data protection#
TheHive stores data using a combination of Cassandra database and Elasticsearch indexing. For more information, see TheHive architecture.
Database and storage#
TheHive uses Cassandra, which relies on a Bigtable model for data storage. Data are indexed in Elasticsearch.
TheHive doesn't support database encryption—data are stored in plaintext within the database. Attachments from cases, alerts, and organizations, as well as observables of type file, are also stored in their original form as plaintext.
Password storage#
Local account passwords are stored using strong cryptographic hashing. TheHive implements PBKDF2 (HMAC-SHA512 with 120,000 iterations) to protect user credentials.
This approach ensures that passwords remain protected against brute-force attacks even if the database is compromised.