
TheHive x Mindflow

TheHive was integrated by Mindflow to enable users to automate their incident management and better protect their information system.

TheHive Overview

TheHive is an open-source Incident Response Platform, available on-premise. The solution is designed to be scalable and tightly integrated with MISP (Malware Information Sharing Platform) to ease the work for SOCs, CSIRTs, CERTs, and other SecOps by aggregating alerts from multiple sources (email reports, CTI, SIEMs).

SecOps can collaborate on investigations on the platform thanks to the built-in live stream, which provides real-time updates on new or existing cases, tasks, observables, and IOCs.

Teams can use the template engine to prepare the platform for known case types and their associated tasks in advance. In each case, SecOps can add metrics and custom fields to drive their activity, identify the investigations that take significant time, and pinpoint which tasks they should seek to automate.

To improve communication on these use cases, SecOps can record their progress, attach pieces of evidence or essential files, add tags, and import password-protected ZIP archives containing malware or suspicious data without opening them.

Benefits

  • A dedicated and detailed Alert page where SecOps can add comments, identify similar alerts, define custom statuses and fields, and decide whether an alert should be escalated to an investigation or incident response
  • Improve your Incident Response Plan by using a template engine
  • Add metrics to cases, tasks, observables, and more to generate KPIs through a dynamic dashboard engine
  • Import IOCs by connecting TheHive with MISP
  • Import MITRE ATT&CK Framework TTPs into TheHive Alert management

Want to enhance your service with orchestration and automation capabilities? Get in touch with our partner team.
