
Your central hub for incident response automation

  • Run bulk enrichments and responders in a few clicks
  • Plug into automation engines and custom scripts
  • Standardize investigation and response operations
Trusted by 3500+ SOC, CERT & CSIRT analysts in 50+ countries

Speed up your incident response workflows with automation

Without TheHive: Slow, tool-switching response
Containment actions require multiple tools, manual searches and time-consuming steps.
With TheHive: Rapid response in a few clicks
Analysts can launch the right response in seconds, with containment actions accessible directly from TheHive.

Without TheHive: Manual triage overload
Analysts lose hours on manual enrichment, switching tools and repeating the same triage steps for every observable.
With TheHive: Automated, context-rich triage
Save significant time by automatically analyzing observables. Choose among hundreds of trusted threat intelligence sources.

Without TheHive: Automation held back by tool limitations
Playbooks and response scripts stay theoretical because your tools won’t “talk” to each other.
With TheHive: Smooth integrations boosting automation
Easily connect TheHive to orchestrators and your security stack to trigger automated actions and workflows from one unified platform.

Without TheHive: Inconsistent workflows & missing data
Each analyst handles alerts differently, cases lack structure, and important details get lost—especially during high-volume periods.
With TheHive: Clarity and standardization
Automate alert ingestion with Alert Feeder and standardize case management with case templates. Don’t miss any threat or any step of an investigation.
ecosystem

What you can integrate TheHive with

Easily deploy TheHive in your environment to automate and speed up routine actions and accelerate your incident response workflows.
See TheHive in action
Let us show you how it can adapt to your infrastructure and help build automated incident response workflows.
Options

TheHive deployment options

Pick what suits your setup and needs
On-premises (self-hosted)
You are in complete control of every aspect of TheHive that you install by yourself at your organization. It’s up to you to configure, update, monitor and operate the platform while enjoying everything it has to offer.
Cloud Platform (SaaS)
Enjoy all the benefits of TheHive in our highly secure and dedicated AWS cloud environment. Focus on incident analysis and response while we handle the rest.
Cloud Images (IaaS)
Work hassle-free with robust TheHive IaaS images, backed by the reliability and scalability of leading cloud services. We’ll provide the deployment code and keep these images updated and maintained.
testimonials

Why users love TheHive

See what security teams appreciate the most about our platform
Thanks to the creative minds and community behind TheHive and Cortex, we can efficiently investigate alerts and threats at scale throughout our organization. Having TheHive allows the freedom to build, design, and integrate with all of our security analyst's tools.
Nicholas Penning
Cybersecurity architect, Bureau of Information and Telecommunications, State of South Dakota
CERT Arkéa has been using the TheHive/Cortex combo for several years. In addition to the monitoring of submitted cases, the analysis of IOCs and the automation of incident responses via Cortex are a huge added value to our daily activity. The ease of creating a responder allows us to interact with the various IS APIs (ticketing, proxy blacklisting, IP blocking, takedown of phishing sites). By industrializing and automating our processes via TheHive/Cortex, the analysts save precious time in resolving incidents.
Guillaume Roussel
CERT / CSIRT, ARKEA
My experience with TheHive platform was nothing short of exhilarating. It's like the turbocharged engine of our cybersecurity arsenal, accelerating our threatening message to new heights. TheHive’s sleek interface and top-tier customer support make it a true champion on the cybersecurity track. I am revved up to recommend it.
gartner.com
Software industry
TheHive is a very high-performance and scalable product, which is designed for different platforms, with a very good user-friendly interface.
gartner.com
Education industry
Anything else?

Frequently Asked Questions

Is TheHive what your team needs?

Other questions?

StrangeBee is happy to help! Contact us to get answers:

Who is TheHive designed for?

TheHive is built for SOC, CSIRT, CERT and MSSP teams that need to automate repetitive investigation steps and standardize incident response workflows. It supports both small teams and large, distributed operations.

How does TheHive automate incident response?

Analysts can automatically enrich observables via TheHive’s integration with 200+ trusted analyzers (ONYPHE, MISP and more) and choose among 100+ responders to swiftly react to threats. Convenient case templates also help standardize and speed up workflows.

How is TheHive different from traditional ticketing tools?

Unlike ticketing tools, TheHive understands security concepts (IOCs, observables, TLP, PAP, etc.). With it, you get automated enrichment and response actions right where analysts work—no extra layers needed.

How does TheHive improve team collaboration during automated workflows?

Each action is logged in the case timeline, giving teams full traceability. Analysts, managers and external partners can collaborate in real time on the same case, with role-based permissions ensuring that actions remain secure and auditable.

Can TheHive help with reporting on automated response activity?

Absolutely. Integrated dashboards, KPIs and customizable reports allow teams to track automated actions, measure performance and identify where automation reduces workload the most. You gain visibility into what’s automated, what’s pending and where to optimize next.

Bee-come part of our hive!
Hundreds of teams in 50+ countries rely on our platform to boost their incident response workflows with automation.
Put us to the test today: