Source Code: https://github.com/thehive-project/TheHive/
TheHive is a scalable, open source and free Security Incident Response Platform designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner dealing with security incidents that need to be investigated and acted upon swiftly.
TheHive supports different methods to store data, files, and indexes according to your needs. However, even for a standalone production server, we strongly recommend using Apache Cassandra as a scalable and fault-tolerant database. File and index storage can vary depending on your target setup: for a standalone server, the local filesystem is suitable, while several options are possible in a cluster configuration.
Installation and configuration guides
This documentation contains step-by-step installation instructions for TheHive for different operating systems as well as corresponding binary archives.
All aspects of the configuration are also detailed in a dedicated section.
TheHive supports different roles for users. Depending on whether you are an administrator of the platform, an administrator of an organisation, or an analyst, you can access and run different actions in the platform.
The user guides aim to describe all major how-tos for users according to their roles and permissions.
Discover how to migrate from TheHive 3.x to TheHive 4.x with our migration guide.
Several other operational guides are provided to the community.
- Setup HTTPS with nginx or haproxy
- Backup and restore: example on how to backup and restore data stored in Apache Cassandra
- Adding security in Apache Cassandra
- Using Fail2Ban to block unwanted connections to the platform
If you are still using TheHive 3.x, the associated documentation is available here
End of Life
TheHive 3 is reaching End of Life. This version no longer benefits from new features. We recommend migrating as soon as possible to TheHive 4.x.
TheHive is open source and free software released under the AGPL (Affero General Public License). We, TheHive Project, are committed to ensuring that TheHive will remain a free and open source project in the long run.
Updates and community discussions
Information, news and updates are regularly posted on several communication channels:
Users forum on Google Groups. Request access:
We welcome your contributions. Please feel free to fork the code, play with it, make some patches and send us pull requests using issues.
We do have a Code of conduct. Make sure to check it out before contributing.
If you need to contact the Project's team, send an email to firstname.lastname@example.org.
- If you have problems with TheHive4py, please open an issue on its dedicated repository.
- If you encounter an issue with Cortex or would like to request a Cortex-related feature, please open an issue on its dedicated GitHub repository.
- If you have trouble with a Cortex analyzer or would like to request a new one or an improvement to an existing analyzer, please open an issue on the analyzers' dedicated GitHub repository.
TheHive is fully developed and maintained by StrangeBee. Should you need specific assistance, be aware that StrangeBee also provides professional services and support.