A scalable, open source and free Security Incident Response Platform, tightly integrated with MISP (Malware Information Sharing Platform), designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner dealing with security incidents that need to be investigated and acted upon swiftly.
As you are working in Alerts, Hunt, or Kibana, you may find alerts or logs that are interesting enough to send to TheHive and create a case. Other analysts can collaborate with you as you work to close that case.
In Kibana you will see a scripted field named Push to TheHive with a value of Click to create a case in TheHive. Clicking it uses the TheHive API to add the selected event to TheHive as a new case.
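The push described above is a call to TheHive's REST API. The following is an added example, not Security Onion's own script or TheHive's client library, of what that call looks like: it maps an alert document of the kind shown in Kibana to the JSON body that TheHive's POST /api/case expects, turns the IP addresses in the event into observables for POST /api/case/{id}/artifact, and authenticates with a Bearer API key. The sample event is constructed for the example, and the field names, the severity mapping and the endpoint URL are assumptions you should adjust to your own deployment.

```python
import json
import urllib.request

# Constructed sample document standing in for an alert selected in Kibana.
# The field layout follows the ECS-style fields Security Onion uses for NIDS
# alerts, but every value is made up for this example.
SAMPLE_EVENT = {
    "@timestamp": "2021-03-01T12:34:56.000Z",
    "rule": {"name": "ET MALWARE Example Beacon", "category": "A Network Trojan was detected"},
    "source": {"ip": "10.0.0.5", "port": 51234},
    "destination": {"ip": "203.0.113.10", "port": 443},
    "event": {"severity": 1, "module": "suricata"},
}

# Suricata priority 1 is the most urgent; TheHive severity runs the other way
# (1 low, 2 medium, 3 high). Unknown priorities fall back to medium.
SEVERITY_MAP = {1: 3, 2: 2, 3: 1}


def build_case_payload(event, tlp=2):
    """Map an alert document to the JSON body of TheHive's POST /api/case."""
    rule = event.get("rule", {})
    src = event.get("source", {})
    dst = event.get("destination", {})
    severity = SEVERITY_MAP.get(event.get("event", {}).get("severity"), 2)
    description = "\n".join([
        "Pushed from Security Onion.",
        "",
        f"Timestamp: {event.get('@timestamp', 'unknown')}",
        f"Rule: {rule.get('name', 'unknown')}",
        f"Category: {rule.get('category', 'unknown')}",
        f"Source: {src.get('ip')}:{src.get('port')}",
        f"Destination: {dst.get('ip')}:{dst.get('port')}",
    ])
    return {
        "title": rule.get("name", "Untitled alert from Security Onion"),
        "description": description,
        "severity": severity,
        "tlp": tlp,  # TLP:AMBER by default; lower it only deliberately
        "tags": ["securityonion", event.get("event", {}).get("module", "unknown")],
    }


def build_observables(event, tlp=2):
    """Turn the source/destination IPs into observables for POST /api/case/{id}/artifact."""
    observables = []
    for field in ("source", "destination"):
        ip = event.get(field, {}).get("ip")
        if ip:
            observables.append({
                "dataType": "ip",
                "data": ip,
                "message": f"{field}.ip from the original alert",
                "tags": ["securityonion"],
                "tlp": tlp,
            })
    return observables


def _post_json(url, api_key, body):
    """POST a JSON body with TheHive's Bearer-token authentication and return the reply."""
    req = urllib.request.Request(
        url,
        data=json.dumps(body).encode(),
        headers={"Authorization": f"Bearer {api_key}", "Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def push_event(base_url, api_key, event):
    """Create the case, then attach its observables. Needs a reachable TheHive instance."""
    case = _post_json(f"{base_url}/api/case", api_key, build_case_payload(event))
    case_id = case["id"]
    for obs in build_observables(event):
        _post_json(f"{base_url}/api/case/{case_id}/artifact", api_key, obs)
    return case_id


if __name__ == "__main__":
    # Offline demonstration: show what would be sent. To push for real, call
    # push_event("https://thehive.example.invalid", "<analyst api key>", SAMPLE_EVENT)
    # against your own instance (hypothetical URL and key).
    print(json.dumps(build_case_payload(SAMPLE_EVENT), indent=2))
    print(json.dumps(build_observables(SAMPLE_EVENT), indent=2))
```

Use an API key belonging to a dedicated integration user with only the case-creation rights it needs, not an admin account, and keep the key out of the Kibana field itself. Attaching the IPs as observables rather than leaving them in free text is what lets TheHive correlate the new case with earlier ones that saw the same address.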
TheHive reads its configuration from /opt/so/conf/thehive/. However, please keep in mind that any changes you make directly in this directory may be overwritten, since the configuration is managed with Salt.
TheHive logging can be found at