TheHive is a scalable 4-in-1 open source and free security incident response platform designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner dealing with security incidents that need to be investigated and acted upon swiftly. Thanks to Cortex, our powerful free and open source analysis engine, you can analyze (and triage) observables at scale using more than 100 analyzers.
Additionally and starting from TheHive 3.1.0, you can actively respond to threats and interact with your constituency and other parties thanks to Cortex responders.
Last but not least, TheHive is highly integrated with MISP, the de facto standard of threat sharing, as it can pull events from several MISP instances and export investigation cases back to one or several ones. It also has additional features such as MISP extended events and health checking.
Notes:
- You are looking for documentation related to TheHive 4.0 ? Please follow the 🐝.
- This is TheHive's documentation repository. If you are looking for its source code, please visit https://github.com/TheHive-Project/TheHive/.
Hardware Pre-requisites
TheHive uses ElasticSearch to store data. Both software use a Java VM. We recommend using a virtual machine with 8vCPU, 8 GB of RAM and 60 GB of disk. You can also use a physical machine with similar specifications.
Guides
- Installation Guide
- Administration Guide
- Configuration Guide
- Webhooks
- Cluster Configuration
- Updating
- Backup & Restore
- Migration Guide
- API Documentation (incomplete)
Miscellaneous Information
- Feature Set (In Progress)
- Changelog
- FAQ
- Training Material
- Additional Resources
- Single Sign-On on TheHive with X.509 Certificates (Experimental Feature)
License
TheHive is an open source and free software released under the AGPL (Affero General Public License). We, TheHive Project, are committed to ensure that TheHive will remain a free and open source project on the long-run.
Updates
Information, news and updates are regularly posted on TheHive Project Twitter account and on the blog.
Contributing
We welcome your contributions. Please feel free to fork the code, play with it, make some patches and send us pull requests using issues.
We do have a Code of conduct. Make sure to check it out before contributing.
Support
Please open an issue on GitHub if you'd like to report a bug or request a feature. We are also available on Gitter to help you out.
If you need to contact the Project's team, send an email to support@thehive-project.org.
Important Note:
- If you have problems with TheHive4py, please open an issue on its dedicated repository.
- If you encounter an issue with Cortex or would like to request a Cortex-related feature, please open an issue on its dedicated GitHub repository.
- If you have troubles with a Cortex analyzer or would like to request a new one or an improvement to an existing analyzer, please open an issue on the analyzers' dedicated GitHub repository.
Community Discussions
We have set up a Google forum at https://groups.google.com/a/thehive-project.org/d/forum/users. To request access, you need a Google account. You may create one using a Gmail address or without it.