ReddRadar
What is TheHive?
TheHive is a robust security case management platform designed to empower incident responders worldwide. It enables security teams to consolidate alerts from multiple platforms, manage cases efficiently, and automate analysis and response workflows. The platform offers real-time collaboration, customizable dashboards, case enrichment features, and deep integrations with threat intelligence tools like Cortex and MISP.
With flexible deployment options including on-premises, SaaS, and IaaS, TheHive supports organizations of all sizes, allowing seamless teamwork, custom roles, and permissions. Automation capabilities driven by the Cortex engine help security teams triage, analyze, and respond to incidents swiftly, improving operational efficiency and reducing response times.
Features
- Automated Incident Analysis: Uses the Cortex engine to automate analysis and trigger active responses for security events.
- Centralized Alert Management: Aggregates alerts from multiple platforms, enabling efficient triage and case handling.
- Customizable Case Enrichment: Allows addition of custom metrics, attachments, tags, and evidence for detailed investigation.
- Real-Time Collaboration: Provides features for role-based access, live dashboards, and progress tracking across teams.
- Seamless Integration: Deep compatibility with MISP, MITRE ATT&CK Framework, SIEMs, threat intel, and other security tools.
- Flexible Deployment: Offers on-premises, SaaS, and IaaS cloud deployment models.
- Multi-tenancy and Custom Roles: Supports multiple organizations, custom views, templates, and user permissions.
- Extensive Automation & Notifications: Automates workflows via webhooks, custom HTTP requests, and supports notifications through email, Slack, or Mattermost.
- Security & Compliance: Offers two-factor authentication, LDAP, AD, OAuth2, and GDPR features for regulatory adherence.
- Comprehensive Support: Multiple support levels, including business-hour coverage and priority handling for paid tiers.
Use Cases
- Streamlining incident response for security operation centers (SOCs)
- Efficiently managing and triaging cybersecurity alerts and cases
- Automating digital forensics and incident response (DFIR) workflows
- Boosting collaboration among distributed security or IT teams
- Integrating with existing SIEM, threat intelligence, and ITSM systems
- Facilitating external and internal communications regarding security incidents
- Conducting continuous improvement and monitoring of security processes
FAQs
-
What is a user for the license?
A user is any person who needs access to TheHive’s user interface. Users with read-only or administration-type profiles that do not require licensed permissions are free. -
Can we pay monthly?
All plans are available exclusively via yearly subscription. -
Is it possible to upgrade my package or infrastructure during my subscription?
Yes, you can upgrade during your subscription by purchasing additional user or organization licenses, or by enhancing infrastructure without loss of data. -
Can I downgrade my package or infrastructure during my subscription?
Downgrading is not allowed during the agreement period but can be done upon renewal. -
Can a trial subscription be converted into production?
Yes, at the end of your trial, your trial data can be migrated to your production environment.
