Request a demo

Explore our plans for TheHive

Find the package that works best for you
Community
First-class Security Case Management Platform for everyone
Free
For 2 users
Download
See all features
Gold
Suited for most internal cyber incident response teams
Starting from 5 users & 1 organization
Get started
See all features
Platinum
Empowering large organizations with distributed teams
Starting from 5 users & 1 organization
Get started
See all features

Features

Features by service level
Community
Gold
Platinum
Quotas
Number of users
2
pay per user
pay per user
Number of organizations
1
Pay per org
(up to 5)
Pay per org
Multi-tenancy
Cortex servers
1
Up to 5
Unlimited
MISP servers
1
Up to 5
Unlimited
Features
Define custom views
Custom knowledge base
White labeling
Clustering support
Case management
Case attachments
Case similar alerts
Case pages
Case comments
Case from MISP file
Case timeline
Case export/import
Custom case lifecycle
Case reporting
Alert management
Alert comments
Similar alerts
Alert TTPs
Alert observable analysis
Custom alert lifecycle
User management
User enrollment
Unified user management
Custom user profiles
LDAP/AD user synchronization
Integration
Sync MISP TTPs
MITRE ATT&CK TTP catalogs
Email Intake
IMAP
IMAP, MS O365, Google Workspace
Automation
Webhooks
Email notifications
Cortex automatic actions
Custom HTTP request
Slack, Mattermost, Kafka
Custom functions
Security & compliance
Two-factor authentication
Local authentication
LDAP authentication
AD authentication
OAuth 2 (SSO)
SAML 2.0
Custom HTTP header authentication
GDPR feature
Support
Support coverage
Community
Business hours (EU)
Business hours (EU)
Support channels
Community
+ Email
+ Chat & video
Response time
Community
2 business days
1 business day
Priority handling of bugs
Priority handling of feature requests
Operational process & workflow consulting
Community
Option available
Option available
Integration Development Consulting
Community
Option available
Option available
Community
Free
Gold
Platinum

Quotas

Number of users
2
pay per user
pay per user
Number of organizations
1
Pay per org
(up to 5)
Pay per org
Multi-tenancy
Cortex servers
1
Up to 5
Unlimited
MISP servers
1
Up to 5
Unlimited

Features

Define custom views
Custom knowledge base
White labeling
Clustering support

Case management

Case attachments
Case similar alerts
Case pages
Case comments
Case from MISP file
Case timeline
Case export/import
Custom case lifecycle
Case reporting

Alert management

Alert comments
Similar alerts
Alert TTPs
Alert observable analysis
Custom alert lifecycle

User management

User enrollment
Unified user management
Custom user profiles
LDAP/AD user synchronization

Integration

Sync MISP TTPs
MITRE ATT&CK TTP catalogs
Email Intake
IMAP
IMAP, MS O365, Google Workspace

Automation

Webhooks
Email notifications
Cortex automatic actions
Custom HTTP request
Slack, Mattermost, Kafka
Custom functions

Security & compliance

Two-factor authentication
Local authentication
LDAP authentication
AD authentication
OAuth 2 (SSO)
SAML 2.0
Custom HTTP header authentication
GDPR feature

Support

Support coverage
Community
Business hours (EU)
Business hours (EU)
Support channels
Community
+ Email
+ Chat & video
Response time
Community
2 business days
1 business day
Priority handling of bugs
Priority handling of feature requests
Operational process & workflow consulting
Community
Option available
Option available
Integration Development Consulting
Community
Option available
Option available
Trusted worldwide by those who value security the most
testimonials

What our users say

We have been using TheHive for many years for our internal needs and those of our customers. It is a tool we have seen evolve over time, which is simple to use and effective for our day-to-day operational activities. The SOAR component is quite relevant and efficiently allows for improving the operational load of SOC/CSIRT analysts. It facilitates our life and has a multitude of integration possibilities with third-party tools such as MISP.
Abdoulaye Fadiga

GM, Global Cyber Operations EU, BT Business

Thanks to the creative minds and community behind TheHive and Cortex, we can efficiently investigate alerts and threats at scale throughout our organization. Having TheHive allows the freedom to build, design, and integrate with all of our security analyst's tools.
Nicholas Penning

Cybersecurity architect, Bureau of Information and Telecommunications, State of South Dakota

CERT Arkéa has been using the TheHive/Cortex combo for several years. In addition to the monitoring of submitted cases, the analysis of IOCs and the automation of incident responses via Cortex are a huge added value to our daily activity. The ease of creating a responder allows us to interact with the various IS APIs (ticketing, proxy blacklisting, IP blocking, takedown of phishing sites). By industrializing and automating our processes via TheHive/Cortex, the analysts save precious time in resolving incidents.
Guillaume Roussel

CERT / CSIRT, ARKEA

My experience with TheHive platform was nothing short of exhilarating. It's like the turbocharged engine of our cybersecurity arsenal, accelerating our threatening message to new heights. TheHive’s sleek interface and top-tier customer support make it a true champion on the cybersecurity track. I am revved up to recommend it.
gartner.com

Software industry

TheHive is a very high-performance and scalable product, which is designed for different platforms, with a very good user-friendly interface.
gartner.com

Education industry

TheHive is incredibly adaptable to our workflow needs. Its alert management system and integration capabilities make it suitable for both small setups and large enterprises.
gartner.com

Manufacturing industry

TheHive is a pretty cool tool for dealing with cyber incidents. You can tweak it to fit your needs, and it plays well with other security tools. It's great for teamwork, helps you stay organized, and makes it easier to figure out which threats are serious.
gartner.com

IT services industry

Our experience with TheHive has been largely positive. It has become an integral part of our incident response and threat intelligence workflow.
gartner.com

IT services industry

TheHive is a powerful and versatile tool for security incident response. It has the ability to automate tasks very well. TheHive has a user-friendly and intuitive interface that makes it easy to create, manage, and analyze security incidents.
gartner.com

IT services industry

From the first deployment until today, it has proved itself to be a game-changer in cybersecurity, and the results are evident. It helps automate repetitive security tasks and workflows. It also reduces the overall work pressure on our threat analysts, who can, in return, focus more on critical tasks and thus improve response time. The UI is also smooth, and navigation is easy. Integration and deployment were done quickly as well.
gartner.com

Insurance (except health) industry

It boasts tight integration with MISP and has been specifically designed to streamline and accelerate the resolution of security incidents. The three most important things that I liked about it are: 1. The ability to facilitate collaboration among multiple SOCs and CERTs. 2. It simplifies the management of tasks and alerts originating from various sources. 3. It is user-friendly and cost-effective.
gartner.com

Transportation industry

I have had a positive experience utilizing TheHive, a product implemented by our parent company and has helped us easily navigate incident response cases.
gartner.com

Construction industry

Excellent speed. User-friendly UI. Excellent support: TheHive's support team operates like a well-oiled pit crew, consistently responsive and prepared to assist.
gartner.com

Education industry

[TheHive] facilitates the creation and consolidation of cases within your ongoing work. The alert management and flexible integration capabilities of TheHive enable seamless adoption across a spectrum of installations, ranging from small setups to expansive enterprise deployments.
gartner.com

Software industry

Ease of use, easy integration with various security tools, able to be used in big environments.
gartner.com

Miscellaneous industry

TheHive makes life easier for SOCs
gartner.com

Miscellaneous industry

A scalable Security Incident Response platform. Very powerful. Recommended.
gartner.com

IT services industry

A very good tool to manage incident response workflows, it helps create and maintain a structure for your security operations team.
gartner.com

Banking industry

TheHive helps us create and merge cases. You can integrate it with Cortex and Wazuh, which maintains a better security posture. TheHive also helps us solve the problem of tracking down incidents. You can assign tasks to your teammates and track down the case. Also, if your investigation is over, you can close this case with proper justification. You can also integrate the tool with different SIEMs, Threat Intel tools, etc.
g2.com

Miscellaneous industry

The best part of TheHive is its integration with multiple threat intelligence tools like Cortex and MISP. Best for SOC teams for their incident response and case management.
g2.com

Miscellaneous industry

Easy to use and configure. Various integrations with various threat intel tools. We get all alerts from our SIEM on TheHive and easily manage them. Immense benefits.
g2.com

Miscellaneous industry

The alert management and the openness of TheHive allow to easily integrate it with different enterprise installations, from small to large. We are able to use it in a very big environment with extremely complex use cases and operation processes, and it works really great. The native integration of MISP interface is really helpful. TheHive’s file system, multi-tenancy, sharing of cases, alerts and observables are outstanding features that make this product choice number 1.
g2.com

Miscellaneous industry

What I like the most about TheHive are maintained dockers, scalability, efficiency in CTI checks, ease of use, design, and connectivity to other tools, thanks to the strong contributions from the community.
Julien M.

Cybersecurity analyst, CERT Gemalto

TheHive is designed for different environments and provides a user-friendly application GUI. It is a great product with good support and is easy to implement. Very little training was needed to navigate and use it. The collaboration method and being able to use TheHive in various capacities.
g2.com

Miscellaneous industry

Anything else?

Frequently Asked Questions

Other
questions?

StrangeBee is happy to help! Get the answers directly from our experts.

What is a 'user' for the License?

A user is any person who needs to have access to TheHive’s user interface. If you have a team of 10 people, you will need a license for 10 users. Users with read-only profiles and with profiles that only require unlicensed permissions (manageDashboard, manageUser, manageConfig, manageKnowledgeBase and all permissions that come with administration-type profiles) are free.

Can we pay monthly?

All our plans are offered on a yearly subscription only.

Is it possible to upgrade my package or infrastructure type during my subscription?

Yes, you can purchase licenses for more users and organizations or upgrade your dedicated infrastructure during an ongoing subscription while keeping all your data and configuration.

Is it possible to downgrade my package or infrastructure type during my subscription?

No, ongoing subscriptions cannot be downgraded during their agreement period, but you can downgrade upon renewal.

Can I convert my trial subscription into production?

Yes. If you wish, at the end of the trial period, you can ask for your trial data to be migrated to your production environment.

Bee-come part of TheHive!

Hundreds of teams all over the world rely on our platform to manage security incidents more efficiently than ever.
Put us to the test today!