How to seamlessly migrate your on-prem TheHive & Cortex to TheHive Cloud Platform

Are you currently running TheHive and Cortex on-premises? Managing infrastructure, handling updates, ensuring backups and maintaining security can demand significant time and resources—resources that could be better spent on your core security operations.

TheHive Cloud Platform (THCP) offers a fully managed, dedicated TheHive and Cortex environment, designed to provide the best experience without the hosting constraints. If you’re considering making the switch, we’ve outlined the benefits and the smooth migration process.

THCP isn’t just about moving to the cloud; it’s about upgrading your operational efficiency and peace of mind. Built upon our deep expertise with TheHive and Cortex, and refined through countless hours helping customers deploy and manage their instances, it offers tangible advantages:

• Fully managed & secure environment: Forget infrastructure worries. We handle the setup, monitoring and security of your dedicated TheHive and Cortex instances. Our platform undergoes annual SOC 2 Type 2 assessments, demonstrating our commitment to security standards.
• Reliability and business continuity: Benefit from managed hourly backups and an automated disaster recovery procedure, designed to protect your data even in the event of a full AWS regional outage.
• Always up-to-date: We manage the platform updates, ensuring you always have access to the latest features and security patches for TheHive and Cortex without manual intervention.
• Optimized performance: Hosted on AWS infrastructure in several regions, THCP is sized to meet diverse organizational requirements, ensuring optimal performance.
• Reduced operational overhead & proven stability: Our experience shows! Since THCP’s launch, we’ve observed significantly fewer support requests from THCP users compared to on-prem users. This reflects the stability and ease of use of our managed SaaS platform, freeing up your team to focus on incident response.

We built THCP not just by knowing our products inside-out but by understanding how you actually use them in real-world scenarios.

We understand that migrating critical systems can seem daunting. That’s why we’ve designed a structured, collaborative process typically completed within two weeks from start to finish, focused on minimizing downtime and ensuring data integrity.

Here’s how it works:

1. [Your role] Data snapshot: You’ll start by taking complete snapshots of your existing on-premises data, including the database (Cassandra), the index (Elasticsearch) and the file storage (filesystem, S3, etc.).
2. Secure data transfer: You will encrypt the snapshot data and securely transfer it to our dedicated cloud team using a provided secure channel.
3. [Our role] Restore & dry-run setup: Our team decrypts your data and restores it onto a dedicated, isolated dry-run THCP environment. This allows for testing without impacting your live system.
4. [Your role] Validation: We provide you with access to this dry-run environment. You’ll have the opportunity to thoroughly review and validate that all your cases, observables, analyzers, responders, users and configurations have been migrated correctly and function as expected.
5. Go-live—Final migration & cutover: Once you give the green light, we schedule the final cutover. On the agreed D-Day, we repeat steps 1-4 quickly with the latest data snapshot to minimize the time your on-prem instance needs to be offline. We then deploy your validated data onto your final production THCP environment.

Our team works closely with yours throughout this process to ensure a seamless transition.

To initiate the migration process and prepare your THCP environment, we only need two key pieces of information:

1. Target AWS region: Let us know your preferred AWS region for hosting your THCP instance (from a selection of THCP-enabled regions). This choice often relates to data sovereignty requirements or latency considerations.
2. Access whitelist IPs: Provide a list of all public IP addresses or ranges (IPv4 and IPv6 supported) that require access to TheHive and Cortex UI and API. This typically includes analyst workstations, VPN gateways and any integrated systems (like SIEMs or SOAR platforms sending alerts).

Transitioning to our managed service involves two components:

• One-time migration service fee: We offer a dedicated migration service performed by our expert team. This covers the entire process described above (Steps 3 & 5, plus coordination).
  • Cost: $3,000 / €3,000* (equivalent to 2 days of Professional Services)
  • * Note: The final price in EUR/USD may be subject to adjustment based on current exchange rates at the time of agreement. Please confirm with our sales team.
• Ongoing THCP subscription fees: As a fully managed SaaS offering, THCP includes hosting, maintenance, updates, backups and support. These platform fees differ from the cost of an on-premises software license alone.

For detailed THCP pricing tailored to your specific needs, please reach out to our Sales team.

Migrating to TheHive Cloud Platform streamlines your operations, enhances security and ensures you always get the best out of TheHive and Cortex.

Let us handle the infrastructure, so you can focus on fighting threats.