Use cases
Learn how TheHive assists security teams in responding efficiently to potential threats.
To help you see our platform’s features in action, we've created specific fictitious scenarios. These use cases illustrate how it can be used to tackle real-world cybersecurity challenges, highlighting its automation and integration capabilities.
Alert triage
TheHive’s automated triage streamlines alert handling by integrating detection tools through custom JavaScript Functions. These Functions create alerts directly in TheHive, so no middleware is needed between the detection tool and the platform.
Predefined triggers run automated analyzers on observables like IPs and file hashes, delivering real-time threat reports.

Manage your cyber defense
TheHive boosts cyber defense management with powerful case and observable management tools:
- Cases are created instantly with predefined tasks that guide analysts, ensuring procedures are followed.
- Observables, like IPs and file hashes, are enriched with context for more precise analysis.
- Automated analyzers provide real-time threat assessments, and automated responders allow teams to take immediate action, such as isolating compromised hosts or blocking malicious IPs.

External communication
TheHive improves external communication and response by automating key processes.
- User-reported phishing alerts are automatically parsed and ingested.
- Alerts from SIEM, EDR and CTI tools are integrated, providing real-time updates.
- Responders take swift action, isolating compromised endpoints and blocking malicious IPs.
- Notifications inform stakeholders in real time, while MISP exports share IOCs with external partners.

Automated DFIR
TheHive automates Digital Forensics and Incident Response by transforming non-native alerts, like those from Cortex XDR, into actionable formats using custom Functions.
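As an added illustration of the Function pattern described in the triage and DFIR sections above (example code, not TheHive’s own; the Function runtime’s exact entry-point signature is not on this page and is assumed to be a plain function receiving the parsed payload), a JavaScript transform that maps a constructed XDR-style alert into an object shaped after TheHive’s alert fields (type, source, sourceRef, title, description, severity, tags, observables, as assumed here), validating and de-duplicating IP and file-hash observables on the way:

```javascript
// Added example: normalise a constructed XDR-style alert into a TheHive-shaped alert.
// Assumptions: the incoming JSON layout is constructed for this example, the
// output field names follow TheHive's alert model as assumed in the lead-in, and
// the Function entry point is a plain function taking the parsed payload.

const SEVERITY_MAP = { low: 1, medium: 2, high: 3, critical: 4 };

// True only for well-formed dotted-quad IPv4 addresses (each octet 0-255)
function isIPv4(s) {
  return /^(\d{1,3}\.){3}\d{1,3}$/.test(s) && s.split('.').every(o => Number(o) <= 255);
}

// True only for 32/40/64 hex-digit strings (MD5 / SHA-1 / SHA-256 lengths)
function isHash(s) {
  return /^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$/i.test(s);
}

function xdrToTheHiveAlert(xdr) {
  const observables = [];
  const seen = new Set();
  // Case-insensitive de-duplication so one indicator yields one observable
  const push = (dataType, data) => {
    const key = `${dataType}:${data.toLowerCase()}`;
    if (!seen.has(key)) { seen.add(key); observables.push({ dataType, data }); }
  };
  for (const ip of xdr.remote_ips || []) if (isIPv4(ip)) push('ip', ip);
  for (const h of xdr.file_hashes || []) if (isHash(h)) push('hash', h);
  return {
    type: 'external',
    source: 'cortex-xdr',              // constructed source label
    sourceRef: String(xdr.alert_id),   // dedup key: the same XDR alert never creates a second alert
    title: `[XDR] ${xdr.name}`,
    description: xdr.description || '',
    severity: SEVERITY_MAP[String(xdr.severity).toLowerCase()] ?? 2, // unknown -> medium
    tags: ['xdr', `host:${xdr.host}`],
    observables,
  };
}

// Constructed sample payload: one repeated IP, one invalid IP, one non-hash string
const SAMPLE_XDR = {
  alert_id: 4711,
  name: 'Suspicious PowerShell download',
  description: 'Encoded command fetched a payload from an external host',
  severity: 'High',
  host: 'WS-042',
  remote_ips: ['198.51.100.23', '999.1.1.1', '198.51.100.23'],
  file_hashes: ['d41d8cd98f00b204e9800998ecf8427e', 'not-a-hash'],
};
```

Running `xdrToTheHiveAlert(SAMPLE_XDR)` yields severity 3 and exactly two observables, the invalid and duplicate values having been dropped before the alert is created.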

Continuous improvement
TheHive supports continuous improvement by optimizing alert triage, case management and response.
- Alerts are quickly triaged, with true positives escalated to full cases for detailed analysis.
- Responders neutralize threats, applying relevant TTPs for incidents like phishing or malware.
- The internal Knowledge Base is updated with new findings, and case templates are refined based on lessons learned.

Phishing
TheHive eases phishing incident response with automatic email ingestion, extracting key observables like sender details and links.
