TheHive is a scalable 4-in-1 open source and free security incident response platform designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner dealing with security incidents that need to be investigated and acted upon swiftly. Thanks to Cortex, our powerful free and open source analysis engine, you can analyze (and triage) observables at scale using more than 100 analyzers.
Additionally and starting from TheHive 3.1.0, you can actively respond to threats and interact with your constituency and other parties thanks to Cortex responders.
Last but not least, TheHive is highly integrated with MISP, the de facto standard of threat sharing, as it can pull events from several MISP instances and export investigation cases back to one or several ones. It also has additional features such as MISP extended events and health checking.
- This is TheHive's documentation repository. If you are looking for its source code, please visit https://github.com/TheHive-Project/TheHive/.
TheHive uses ElasticSearch to store data. Both software use a Java VM. We recommend using a virtual machine with 8vCPU, 8 GB of RAM and 60 GB of disk. You can also use a physical machine with similar specifications.
- Installation Guide
- Administration Guide
- Configuration Guide
- Cluster Configuration
- Backup & Restore
- Migration Guide
- API Documentation (incomplete)
- Feature Set (In Progress)
- Training Material
- Additional Resources
- Single Sign-On on TheHive with X.509 Certificates (Experimental Feature)
TheHive is an open source and free software released under the AGPL (Affero General Public License). We, TheHive Project, are committed to ensure that TheHive will remain a free and open source project on the long-run.
We welcome your contributions. Please feel free to fork the code, play with it, make some patches and send us pull requests using issues.
We do have a Code of conduct. Make sure to check it out before contributing.
If you need to contact the Project's team, send an email to email@example.com.
- If you have problems with TheHive4py, please open an issue on its dedicated repository.
- If you encounter an issue with Cortex or would like to request a Cortex-related feature, please open an issue on its dedicated GitHub repository.
- If you have troubles with a Cortex analyzer or would like to request a new one or an improvement to an existing analyzer, please open an issue on the analyzers' dedicated GitHub repository.
We have set up a Google forum at https://groups.google.com/a/thehive-project.org/d/forum/users. To request access, you need a Google account. You may create one using a Gmail address or without it.