Cyber Tool Stack
All tools

TheHive

By StrangeBee

A security incident response and case management platform with a huge community following from its open-source era. Versions 3 and 4 were AGPL open source but are end-of-life and no longer publicly distributed; the current TheHive 5, developed by StrangeBee, is a proprietary product with a free-but-limited Community license and paid tiers above it.

Verified Source: 1

Product type
Software
Deployment
On-premSaaS
Organization size
SMBMid-marketEnterprise
Pricing tier
Freemium

Capability checklist

SOAR

How TheHive measures up against the full Security Orchestration, Automation & Response taxonomy.

Playbook / workflow automation — not supported
Runs automated multi-step response actions triggered by an alert.
Case management — supported
Tracks an incident from alert to closure with notes, evidence, and assignments.
Integration & connector library — supported
Connects to SIEM, EDR, ticketing, and other tools to take action across the stack.
Alert triage & enrichment — supported
Automatically gathers context on an alert before an analyst sees it.
No-code / low-code playbook builder — not supported
Lets analysts build automation without writing custom scripts.
Metrics & SLA reporting — supported
Reports response times and automation impact against team SLAs.

Alternatives

Other Security Orchestration, Automation & Response tools with overlapping capabilities, sized for similar teams.

Appears in stacks

Real-world stacks that include TheHive.

Search Cyber Tool Stack

Jump to any tool, vendor, category, or glossary term.