Posted: 15th April 2022

Product Overview

TheHive is a scalable, open source and free Security Incident Response Platform, tightly integrated with MISP (Malware Information Sharing Platform), designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner dealing with security incidents that need to be investigated and acted upon swiftly. TheHive enables analysts to collaborate, elaborate, and act to gain precious insight, speed up their investigations, and contain threats.

Challenges Overcome Through Integration

The integration between TheHive and Recorded Future provides the necessary context around incident observables, helping incident responders make more informed decisions, dismiss false positives more quickly, and prioritize incidents to reduce risk, which overall saves analyst time. It also automates case creation in TheHive from Recorded Future alerts related to company risk, such as newly registered typosquatting domains, leaked credentials found on the dark web, and much more.

Integration Description

Recorded Future for TheHive allows users to enrich observables using Recorded Future’s open, closed, technical and proprietary intelligence via Cortex Analyzers. Additionally, users can feed Recorded Future alerts into TheHive to automate case creation.