---
title: TheHive Reviews
meta_title: 'TheHive Reviews 2026: Details, Pricing, & Features | G2'
meta_description: Filter 18 reviews by the users' company size, role or industry to
  find out how TheHive works for a business like yours.
aggregate_rating:
  rating_value: 4.3
  review_count: 18
  scale: '5'
date_modified: '2026-07-01'
parent_category:
  name: System Security
  url: https://www.g2.com/categories/system-security
---

# TheHive Reviews
**Vendor:** StrangeBee  
**Category:** [Incident Response Software](https://www.g2.com/categories/incident-response)  
**Average Rating:** 4.3/5.0  
**Total Reviews:** 18
## About TheHive
TheHive is a collaborative security case management platform designed to help SOC, CERT, CSIRT and MSSP teams manage the full incident response lifecycle. It serves as a central hub where security analysts can receive and triage alerts, conduct investigations, coordinate team actions and close incidents—all without switching tools. The platform integrates natively with other security tools, allowing teams to operate within existing workflows rather than replacing them. TheHive supports multi-tenancy, making it suitable for MSSPs and large organizations that manage security operations across multiple clients, business units or environments. Key capabilities include: - 300+ pre-built integrations: Connect TheHive to your SIEM, EDR, threat intelligence platforms, ticketing systems and other tools to embed it into existing infrastructure. - Alert ingestion and triage: Automatically receive, deduplicate and prioritize alerts from connected sources, with full visibility into alert status and assignment across the team. - Case and task management: Organize investigations using cases and tasks with defined ownership to maintain transparency and accountability. - Multi-tenancy and client isolation: Run separate, isolated workspaces for different clients or internal teams from a single deployment, with granular access controls and role-based permissions. - Automation: Trigger automated investigation or response actions, analyst notifications and third-party integrations, reducing manual effort. - Reporting and compliance: Generate incident reports and maintain full audit trails across investigations. Give external stakeholders controlled access to specific case details. TheHive is developed and maintained by StrangeBee and is trusted by 3,500+ security professionals across 50+ countries. Organizations including BMW, Thales, Pipedrive, Garmin and Cisco use TheHive to centralize and speed up incident response actions, enforce consistent processes across distributed teams, scale security operations and reduce alert fatigue. The platform is available as an on-premises deployment or as a cloud-hosted service, with tiered plans designed to match the operational needs of mid-size to large security teams. It supports air-gapped environments and offers deployment flexibility for organizations with strict data residency or compliance requirements.



## TheHive Pros & Cons
**What users like:**

- Users value the **customizable workflows** of TheHive, enhancing efficiency in incident management for teams. (1 reviews)
- Users find TheHive&#39;s **ease of use** and scalability ideal for efficiently managing incident response in SOCs and CSIRTs. (1 reviews)
- Users value the **good integrations and customizable workflows** of TheHive, enhancing collaborative incident management for SOCs and CSIRTs. (1 reviews)
- Users appreciate the **excellent integrations** of TheHive, enhancing collaboration and efficiency in incident management. (1 reviews)
- Users appreciate the **customizable workflows and integrations** of TheHive, enhancing collective incident management for SOCs and CSIRTs. (1 reviews)
- Visibility (1 reviews)

**What users dislike:**

- Users find the **complex setup** of TheHive daunting, often requiring community support for troubleshooting delays. (1 reviews)
- Users feel the **lack of guidance** in TheHive makes it challenging for new users to navigate and troubleshoot effectively. (1 reviews)
- New users find the **steep learning curve** of TheHive challenging, often requiring substantial community assistance for setup. (1 reviews)

## TheHive Reviews
  ### 1. Incident Response Platform: TheHive

**Rating:** 5.0/5.0 stars

**Reviewed by:** Sam F. | IT Security Officer, Enterprise (> 1000 emp.)

**Reviewed Date:** May 29, 2024

**What do you like best about TheHive?**

The platform plays a critical role in our incident response. It integrates with and automates many of our processes for our analysts, helping to decrease our response times. 

The platform is easy to set up, maintain, and use. There is also an active Discord community for sharing information and asking questions.

**What do you dislike about TheHive?**

None. We've fed back any problems we've had, which've all been taken onboard and resolved.

**What problems is TheHive solving and how is that benefiting you?**

The platform helps us automate our incident response processes and stores and correlates much of our data.

  ### 2. Opensource Case Management: TheHive

**Rating:** 5.0/5.0 stars

**Reviewed by:** Rohan G. | Mid-Market (51-1000 emp.)

**Reviewed Date:** June 23, 2023

**What do you like best about TheHive?**

TheHive is an open source which helps us to create & merge cases in which you are working.

You can integrate TheHive with Cortex & Wazuh, which maintains a better security posture.

For integration purposes, you need the API key of hive, which help us to integrate it with another software.

Also you can create different dashboards to visualise the cases & alerts coming from SIEM tool.

**What do you dislike about TheHive?**

TheHive5 is not an opensource it is a paid tool you have to paid to use it.

Also there are different opensource tool like IRIS which can be considered as competitor for TheHive.

**What problems is TheHive solving and how is that benefiting you?**

TheHive helps us to solve the problem of tracking down the incident and also you can assign the tasks to your teammates & track down the case.

Also if your investigation is over, you can close this case with proper justification.

You can also integrate tool with different SIEM, Threat Intel tool etc.

  ### 3. Best Open Source Case management

**Rating:** 4.5/5.0 stars

**Reviewed by:** Satykam A. | Red Team Director, Mid-Market (51-1000 emp.)

**Reviewed Date:** June 03, 2022

**What do you like best about TheHive?**

Best part of TheHive is its integration with multiple threat intelligence tools like Cortex and MISP

**What do you dislike about TheHive?**

some of the module not working properly, rest all is fine

**What problems is TheHive solving and how is that benefiting you?**

Best for SOC team for incident response and case management

  ### 4. Thehive Overview

**Rating:** 5.0/5.0 stars

**Reviewed by:** Yash P. | Senior SOC ANALYST, Mid-Market (51-1000 emp.)

**Reviewed Date:** December 08, 2021

**What do you like best about TheHive?**

Easy to use and Configure. Various Integration with various threat intel tools.

**What do you dislike about TheHive?**

Sometimes it's the cortex module's analyzers not working properly.

**What problems is TheHive solving and how is that benefiting you?**

Using TheHive we get all alerts from our SIEM tool to thehive and easily manage. Immense benefits.

  ### 5. Case Management

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Computer & Network Security | Mid-Market (51-1000 emp.)

**Reviewed Date:** December 08, 2021

**What do you like best about TheHive?**

integration with cortex (threat intelligence) and misp (threat exchange)

**What do you dislike about TheHive?**

Looks fine nothing missing into it.
Product looks promising

**What problems is TheHive solving and how is that benefiting you?**

Incident Response and Incident Handling is performed and managed very nicely.

  ### 6. Excelent tool on Enterprise Level

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Telecommunications | Enterprise (> 1000 emp.)

**Reviewed Date:** October 14, 2019

**What do you like best about TheHive?**

The Alert Management and the Openness of TheHive allows it to easily integrate from small to Enterprise large installations. We are able to use it in a very big Environment with extremly complex use-cases and Operation processes and it works really great.
It is becoming a new de-facto-Standard for SOAR Tools on enterprise Level.
Especially the native Integration of MISP Interface is really helpfull. Addintional the New TheHiveFile-System, Multi-Tenancy, Case-, Alert- and Observable sharing are outstanding features, that makes this product to choince number 1.

**What do you dislike about TheHive?**

TheHive is grewing constantly and as there are always new Features you have to ensure that you can install the new updates in time to be able to constatnly increasing productivitiy.
Sometimes it takes a little time to get reaction from the support team, especially regarding new feature requests.

**What problems is TheHive solving and how is that benefiting you?**

Multi-Tier OC Operations

  ### 7. Thank you for your feedback! If you have any specific text in an unknown language that you need translated, please provide it, and I'll be happy to assist.

**Rating:** 5.0/5.0 stars

**Reviewed by:** Julien M. | Cyber Security Analyst - CERT Gemalto, Enterprise (> 1000 emp.)

**Reviewed Date:** September 12, 2019

**What do you like best about TheHive?**

Maintained Dockers, scalability, efficiency in CTI checks, easy to use, design, and connectivity to other tools thanks to the strong contributions from the community.

**What do you dislike about TheHive?**

Tags or comments are mandatory for observables. Tags for Indicators of Compromise (IOCs) (not event tags) are pushed to MISP during exports, and there should be no rotation of cases (e.g., do not delete closed cases after 2 months). Finally, analyzers and responders must be reviewed to reduce confusion between investigation and response.

**What problems is TheHive solving and how is that benefiting you?**

Fastup assessments, CTI investigations, sharing.

  ### 8. Soar not a soar

**Rating:** 3.5/5.0 stars

**Reviewed by:** Verified User in Civil Engineering | Mid-Market (51-1000 emp.)

**Reviewed Date:** October 22, 2019

**What do you like best about TheHive?**

I was looking for a SOAR system, TheHive is not a SOAR but can help analysts and SOC specialists on incident response activities

**What do you dislike about TheHive?**

Installation is too complicated for a beginner

**Recommendations to others considering TheHive:**

Use TheHive if you are skilled with Linux OS and server CLI

**What problems is TheHive solving and how is that benefiting you?**

Deploy a new SOAR system

  ### 9. Hive review 

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Information Services | Enterprise (> 1000 emp.)

**Reviewed Date:** May 10, 2019

**What do you like best about TheHive?**

Its easy to use once you get the hang of it.ince can be. Reated quickly and assignment groups are easy to use and configure. 

**What do you dislike about TheHive?**

It take a little time to learn it,it is missing many options that competitors offer

**Recommendations to others considering TheHive:**

Hand held and mac,windows

**What problems is TheHive solving and how is that benefiting you?**

Incident response and incident logging,tracking and trend analysis 

  ### 10. Works great.

**Rating:** 5.0/5.0 stars

**Reviewed by:** Eric T. | Special Forces Officer, Military, Mid-Market (51-1000 emp.)

**Reviewed Date:** January 02, 2018

**What do you like best about TheHive?**

We like the fact the since implementation our downtime is very low.

**What do you dislike about TheHive?**

We don’t have anything at this time that we have wanted to address with anyone.

**What problems is TheHive solving and how is that benefiting you?**

What problems are we not solving? It’s helped us shape the IT side our what we do for companies.

  ### 11. Quick and efficient

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Apparel & Fashion | Small-Business (50 or fewer emp.)

**Reviewed Date:** December 22, 2017

**What do you like best about TheHive?**

I like that the software is quick and easy to use

**What do you dislike about TheHive?**

It does take a long time to upload each file

**Recommendations to others considering TheHive:**

Be patient it gets great

**What problems is TheHive solving and how is that benefiting you?**

I'm solving typical i t problems  and I realize that they have helped.

  ### 12. Feedback on hive

**Rating:** 3.5/5.0 stars

**Reviewed by:** Debanjan G. | Senior Technical Architect (Cloud), Information Technology and Services, Enterprise (> 1000 emp.)

**Reviewed Date:** December 26, 2017

**What do you like best about TheHive?**

It is very scalable solution ,high performance ,good solution for generic incident response issues 

**What do you dislike about TheHive?**

Better end user documentation and white papers 

**What problems is TheHive solving and how is that benefiting you?**

Easy to use and analyze incident response system

  ### 13. The hive is easy to use with ROI

**Rating:** 3.0/5.0 stars

**Reviewed by:** Verified User in Computer Hardware | Small-Business (50 or fewer emp.)

**Reviewed Date:** December 26, 2017

**What do you like best about TheHive?**

It is designed for different environments and provides user friendly application gui

**What do you dislike about TheHive?**

The product has been great I have not found anything I dislouke

**Recommendations to others considering TheHive:**

This is a great product, with good support and easy to implement. Very little training was needed to navigate for use. 

**What problems is TheHive solving and how is that benefiting you?**

The collaboration method and being able to use the hive in various capacities.

  ### 14. The Hive

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Financial Services | Enterprise (> 1000 emp.)

**Reviewed Date:** December 08, 2017

**What do you like best about TheHive?**

The response time and analysis features are the two best

**What do you dislike about TheHive?**

Haven't found anything yet that's bad with the hive

**Recommendations to others considering TheHive:**

Consider options and pricing before choosing to go with this option. 

**What problems is TheHive solving and how is that benefiting you?**

The hive offers a real time solution for threat management. It is able to this better than some others.

  ### 15. Good tool

**Rating:** 3.5/5.0 stars

**Reviewed by:** Verified User in Computer Software | Mid-Market (51-1000 emp.)

**Reviewed Date:** December 21, 2017

**What do you like best about TheHive?**

Thehive is good tool and it provides good information.

**What do you dislike about TheHive?**

It is not an exclusive tool and we need to use others.

**What problems is TheHive solving and how is that benefiting you?**

We were solved the incident reporting system but we needed other tools to support it.

  ### 16. Useful in some situations

**Rating:** 3.5/5.0 stars

**Reviewed by:** Verified User in Financial Services | Enterprise (> 1000 emp.)

**Reviewed Date:** November 28, 2017

**What do you like best about TheHive?**

Ui worked great. Was very easy to use and worked just how it looked. 

**What do you dislike about TheHive?**

Just couldn't find use for it. Could not use it to make our problems

**What problems is TheHive solving and how is that benefiting you?**

Never really got much traction with it

  ### 17. Product is good

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Financial Services | Enterprise (> 1000 emp.)

**Reviewed Date:** December 14, 2017

**What do you like best about TheHive?**

The hive i like and it worked good.performance wise it is slow.

**What do you dislike about TheHive?**

Impala performance is very bad..too slow

**What problems is TheHive solving and how is that benefiting you?**

Trying to solve big data problem

  ### 18. Data analysis 

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Telecommunications | Enterprise (> 1000 emp.)

**Reviewed Date:** December 12, 2017

**What do you like best about TheHive?**

Sufficient, organized, open source, free security incident response platform

**What do you dislike about TheHive?**

Nothing at the moment. Will submit if there is any. 

**Recommendations to others considering TheHive:**

Yes

**What problems is TheHive solving and how is that benefiting you?**

Big data 


## TheHive Discussions
  - [What is TheHive used for?](https://www.g2.com/discussions/what-is-thehive-used-for) - 1 comment

- [View TheHive pricing details and edition comparison](https://www.g2.com/products/thehive/reviews?section=pricing&secure%5Bexpires_at%5D=2026-07-01+15%3A59%3A24+-0500&secure%5Bsession_id%5D=f562a3c2-f295-4988-97aa-d6039c58ef5c&secure%5Btoken%5D=13df253ef028465d8d1cda2fdb23f952b255f1a5b3c51e1977492c2020757c56&format=llm_user)
## TheHive Integrations
  - [CrowdStrike Falcon Endpoint Protection Platform](https://www.g2.com/products/crowdstrike-falcon-endpoint-protection-platform/reviews)
  - [Google Threat Intelligence](https://www.g2.com/products/google-threat-intelligence/reviews)
  - [Mattermost](https://www.g2.com/products/mattermost/reviews)
  - [Microsoft Defender for Endpoint](https://www.g2.com/products/microsoft-defender-for-endpoint/reviews)
  - [Microsoft Defender for Office 365](https://www.g2.com/products/microsoft-microsoft-defender-for-office-365/reviews)
  - [Microsoft Entra ID](https://www.g2.com/products/microsoft-entra-id/reviews)
  - [Microsoft Teams](https://www.g2.com/products/microsoft-teams/reviews)
  - [Proofpoint Adaptive Email Security](https://www.g2.com/products/proofpoint-adaptive-email-security/reviews)
  - [Recorded Future](https://www.g2.com/products/recorded-future/reviews)
  - [Shodan](https://www.g2.com/products/shodan/reviews)
  - [Slack](https://www.g2.com/products/slack/reviews)
  - [Splunk](https://www.g2.com/products/splunk-2025-01-30/reviews)
  - [VirusTotal](https://www.g2.com/products/virustotal/reviews)

## TheHive Features
**Response**
- Resolution Automation
- Resolution Guidance
- System Isolation
- Threat Intelligence
- Incident Investigation

**Records**
- Incident Logs
- Incident Reports

**Management**
- Incident Alerts
- Incident Case Management
- Workflow Management

**Generative AI**
- AI Text Generation
- AI Text Summarization

## Top TheHive Alternatives
  - [IBM QRadar SOAR](https://www.g2.com/products/ibm-qradar-soar/reviews) - 4.0/5.0 (25 reviews)
  - [Wazuh](https://www.g2.com/products/wazuh/reviews) - 4.5/5.0 (67 reviews)
  - [LevelBlue USM Anywhere](https://www.g2.com/products/levelblue-usm-anywhere/reviews) - 4.4/5.0 (102 reviews)

