TheHive was integrated by Mindflow to enable users to automate their incident management and better protect their information system.
TheHive is an open-source Incident Response Platform, available on-premises. The solution is designed to be scalable and tightly integrated with MISP (Malware Information Sharing Platform) to ease the work of SOCs, CSIRTs, CERTs, and other SecOps teams by aggregating alerts from multiple sources (email reports, CTI, SIEMs).
SecOps teams can collaborate on investigations on the platform thanks to the built-in live stream, which provides real-time information about new or existing cases, tasks, observables, and IOCs.
Teams can use the template engine to define known case types and their associated tasks in advance. In each case, SecOps can add metrics and custom fields to drive their activity, identify the investigations that take significant time, and point toward which tasks they should seek to automate.
To improve communication on these use cases, SecOps can record their progress, attach pieces of evidence or essential files, add tags, and import password-protected ZIP archives containing malware or suspicious data without opening them.