It's been two months since this profile received a new review

TheHive Reviews & Product Details

A scalable, Security Incident Response Platform, tightly integrated with MISP (Malware Information Sharing Platform), designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner dealing with security incidents that need to be investigated and acted upon swiftly.

Seller

TheHive

Languages Supported

English

Product Description

TheHive is a scalable, open source and free security incident response solution.

Overview by

Nabil Adouani (CEO at StrangeBee, Building TheHive)

Value at a Glance

Averages based on real user reviews.

Perceived Cost

$$$$$

View More Pricing Information

Top-Rated Alternatives

Wazuh - The Open Source Security Platform

4.5/5

(59)

LevelBlue USM Anywhere

View All Alternatives

TheHive Media

A view that displays a filterable cases list

A view showing the list of tasks of a given case

A view showing the list of alerts received by TheHive from MISP or other third party platform

A user defined dashboard

TheHive Reviews (19)

G2 reviews are authentic and verified.

Here's how.

Verified User in Information Technology and Services

Mid-Market (51-1000 emp.)

11/24/2024

"The Efficiency of Incident Response, with The Hive. An Extensive Evaluation"

4/5

What do you like best about TheHive?

TheHive is a great, open-source platform with good integrations using such tools as MISP and Cortex, characterizing a platform exemplary for collective work. Besides having customizable workflows, it is easy to use and scale, rendering the tool perfectly suitable for SOCs and CSIRTs in managing the peculiarities of incidents efficiently. Review collected by and hosted on G2.com.

What do you dislike about TheHive?

New users may be daunted by the steep learning curve and complex setup in TheHive, much like MISP; definitely, dependence on community support can delay troubleshooting. Review collected by and hosted on G2.com.

Sam F.

IT Security Officer

Enterprise (> 1000 emp.)

5/29/2024

"Incident Response Platform: TheHive"

5/5

What do you like best about TheHive?

The platform plays a critical role in our incident response. It integrates with and automates many of our processes for our analysts, helping to decrease our response times.

The platform is easy to set up, maintain, and use. There is also an active Discord community for sharing information and asking questions. Review collected by and hosted on G2.com.

What do you dislike about TheHive?

None. We've fed back any problems we've had, which've all been taken onboard and resolved. Review collected by and hosted on G2.com.

Rohan G.

Mid-Market (51-1000 emp.)

6/23/2023

"Opensource Case Management: TheHive"

5/5

What do you like best about TheHive?

TheHive is an open source which helps us to create & merge cases in which you are working.

You can integrate TheHive with Cortex & Wazuh, which maintains a better security posture.

For integration purposes, you need the API key of hive, which help us to integrate it with another software.

Also you can create different dashboards to visualise the cases & alerts coming from SIEM tool. Review collected by and hosted on G2.com.

What do you dislike about TheHive?

TheHive5 is not an opensource it is a paid tool you have to paid to use it.

Also there are different opensource tool like IRIS which can be considered as competitor for TheHive. Review collected by and hosted on G2.com.

What problems is TheHive solving and how is that benefiting you?

TheHive helps us to solve the problem of tracking down the incident and also you can assign the tasks to your teammates & track down the case.

Also if your investigation is over, you can close this case with proper justification.

You can also integrate tool with different SIEM, Threat Intel tool etc. Review collected by and hosted on G2.com.

Satykam A.

Red Team Director

Mid-Market (51-1000 emp.)

6/3/2022

"Best Open Source Case management"

4.5/5

What do you like best about TheHive?

Best part of TheHive is its integration with multiple threat intelligence tools like Cortex and MISP Review collected by and hosted on G2.com.

What do you dislike about TheHive?

some of the module not working properly, rest all is fine Review collected by and hosted on G2.com.

Yash P.

Senior SOC ANALYST

Mid-Market (51-1000 emp.)

12/8/2021

"Thehive Overview"

5/5

What do you like best about TheHive?

Easy to use and Configure. Various Integration with various threat intel tools. Review collected by and hosted on G2.com.

What do you dislike about TheHive?

Sometimes it's the cortex module's analyzers not working properly. Review collected by and hosted on G2.com.

Verified User in Computer & Network Security

Mid-Market (51-1000 emp.)

12/8/2021

"Case Management"

4/5

What do you like best about TheHive?

integration with cortex (threat intelligence) and misp (threat exchange) Review collected by and hosted on G2.com.

What do you dislike about TheHive?

Looks fine nothing missing into it.

Product looks promising Review collected by and hosted on G2.com.

Verified User in Telecommunications

Enterprise (> 1000 emp.)

10/14/2019

"Excelent tool on Enterprise Level"

5/5

What do you like best about TheHive?

The Alert Management and the Openness of TheHive allows it to easily integrate from small to Enterprise large installations. We are able to use it in a very big Environment with extremly complex use-cases and Operation processes and it works really great.

It is becoming a new de-facto-Standard for SOAR Tools on enterprise Level.

Especially the native Integration of MISP Interface is really helpfull. Addintional the New TheHiveFile-System, Multi-Tenancy, Case-, Alert- and Observable sharing are outstanding features, that makes this product to choince number 1. Review collected by and hosted on G2.com.

What do you dislike about TheHive?

TheHive is grewing constantly and as there are always new Features you have to ensure that you can install the new updates in time to be able to constatnly increasing productivitiy.

Sometimes it takes a little time to get reaction from the support team, especially regarding new feature requests. Review collected by and hosted on G2.com.

Julien M.

Cyber Security Analyst - CERT Gemalto

Enterprise (> 1000 emp.)

9/12/2019

"Thank you for your feedback! If you have any specific text in an unknown language that you need translated, please provide it, and I'll be happy to assist."

5/5

What do you like best about TheHive?

Maintained Dockers, scalability, efficiency in CTI checks, easy to use, design, and connectivity to other tools thanks to the strong contributions from the community. Review collected by and hosted on G2.com.

What do you dislike about TheHive?

Tags or comments are mandatory for observables. Tags for Indicators of Compromise (IOCs) (not event tags) are pushed to MISP during exports, and there should be no rotation of cases (e.g., do not delete closed cases after 2 months). Finally, analyzers and responders must be reviewed to reduce confusion between investigation and response. Review collected by and hosted on G2.com.

Verified User in Civil Engineering

Mid-Market (51-1000 emp.)

10/22/2019

"Soar not a soar"

3.5/5

What do you like best about TheHive?

I was looking for a SOAR system, TheHive is not a SOAR but can help analysts and SOC specialists on incident response activities Review collected by and hosted on G2.com.

What do you dislike about TheHive?

Installation is too complicated for a beginner Review collected by and hosted on G2.com.

Verified User in Information Services

Enterprise (> 1000 emp.)

5/10/2019

"Hive review "

4.5/5

What do you like best about TheHive?

Its easy to use once you get the hang of it.ince can be. Reated quickly and assignment groups are easy to use and configure. Review collected by and hosted on G2.com.

What do you dislike about TheHive?

It take a little time to learn it,it is missing many options that competitors offer Review collected by and hosted on G2.com.