Three years ago, TheHive 5.0 burst onto the scene, elevating the way security analysts tackle their daily challenges. This milestone marked a turning point in our platform’s evolution, packed with game-changing features and improvements.
As we celebrate this anniversary, let’s take a look at everything we’ve managed to achieve in the latest version so far. Maybe you’ll even find something you haven’t yet tried? 😉
But before diving into the list of improvements, we want to take a moment to say a huge thank you to our amazing user community. We’re so grateful to always have you at the heart of the platform’s evolution, guiding our roadmap with your valuable feedback and insights. Further exciting features of TheHive 5 are coming soon—stay tuned!
Let’s start with the game-changing additions you won’t want to live without:
- Notification System: React to defined events (e.g., Case created, Observable flagged as IOC, etc.) using various Notifiers—Webhooks, Emails, HTTP Request, MS Teams, Slack and more.
- Case Reporting: Generate and download a tailored Case Report in an exportable, readable format—HTML, Docx (Word) or Markdown.
- Private Cases: Allow only selected users to view a Case's content, hiding it from others.
- Email Intake: Integrate TheHive with an MS 365, Google Workspace or IMAP mailbox and ingest emails as Alerts.
- Case Management: Leverage a visual Case Timeline, drop Comments, upload Attachments, monitor KPIs, write Pages… Cases became more functional than ever!
- Apply Case Template on existing Cases: Enrich cases with additional tasks from your case templates library, allowing dynamic playbooks.
- User Management: SSO with OAuth2 & SAML, 2FA, reset forgotten passwords, view and revoke sessions, user directory synchronization with LDAP or AD…
- Custom Status: Create your own Case and Alert statuses to fit perfectly with your playbooks.
- Dark Mode: A theme that saves your eyes during late-night investigations.
- Functions: Integrate TheHive with any third-party service and automate your security operations tasks.

Boosting performance, usability and overall experience, we have added these features in TheHive 5:
- Brand new modern UX/UI: A total rework of the UI that keeps being improved release after release.
- Case History: Case traceability available at any time, in any Case.
- RBAC Improvement: Create custom account profiles with up to 32 Organization level permissions and 11 administration level permissions available.
- Alert Feeder: Switch TheHive to pull mode by scheduling data fetching from other tools’ APIs, and ingest it using a Function—to create a case, an alert, or perform any action you’d like.
- Data Export: CSV or JSON bulk export for every existing item (Cases, Alerts, Observables, Tasks, etc.).
- Alerts pre-processing: Act on Alerts before importing them as Cases. Run Analyzers on Observables and drop Comments for your colleagues.
- Configuration UIs: Configure Cortex, MISP, Authentication, Branding and more directly from the UI.
- Case Ownership: Transfer the Case Ownership from one organization to another.
- Knowledge Base: Write documentation and share resources with your team.
- Mandatory Tasks: Define your critical Tasks that require a minimum input before analysts can close the Case.
- Alert Assignment: Analysts can now be assigned to an Alert.
- Performance enhancements: Complex queries now rely on indexes, significantly improving processing and response times.

Small tweaks, big impact—because every detail matters.
- TLP v2.0: For a clear & strict posture on your sensitive data.
- Case Links: Tie your Cases together or link them to handy external resources — whether it’s evidence, references, or anything you find useful.
- Dashboards: Build private or shared Dashboards with new widgets to monitor KPIs & team activities.
- Branding: Customize TheHive with your company logo.
- New Search Filters: Improved search capabilities with new operators, such as “Last” and “Next” (time filters).
- Documentation: You now have access to complete API documentation and reworked admin & user documentation.
- Hide Default Status: Out-of-the-box statuses can now be hidden, encouraging your team to use your custom ones instead.
- Elasticsearch 8 & OpenSearch Support.
- Play Framework Upgrade: Backend framework updated from Play 2 (Akka) to Play 3 (Pekko).

Anniversaries are a perfect time to reflect on how far you’ve come. At StrangeBee, we’re so proud of not just our product’s growth but also the overwhelmingly warm response it has received from you, our users all over the world.
We are humbled and grateful to have you by our side—and we’ll keep pushing limits so that TheHive remains your faithful incident response powerhouse.
Dive deeper into TheHive 5
Let’s have a free demo session to see how TheHive 5 and its features can serve your team!