Fly to the website
Create a free account to apply in seconds
Empowering incident responders worldwide
One Case Management Platform for all SOCs, CERTs & CSIRTs
who we are
We are StrangeBee, the bees behind TheHive—a pioneer Security Case Management Platform trusted worldwide.
Get complete threat visibility, boost your incident response, keep your security landscape in check and collaborate as you see fit. Harness the power of our Cortex automation engine to resolve problems in the blink of an eye.
Trusted worldwide by those who value security the most
benefits
How TheHive works
Trust the platform by StrangeBee to make you enjoy incident response
Unite all tools in one
• Save time as TheHive automatically receives alerts from all your security platforms.
• Let no incident go unnoticed: benefit from convenient triaging, filtering and response, as well as capabilities for their automation.
• Get notified about recent events via your preferred channels. Define notification rules to invoke Webhooks, send emails, Slack and Mattermost messages, or call custom HTTP requests.
Enrich your cases
• Create customized reports, attach files or critical pieces of evidence, add metrics and custom fields to your cases.
• Add tags and password-protected ZIP archives containing malware or suspicious data without needing to open them.
• Leverage tags, flag IOCs, sightings and identify previously seen observables to feed your threat intelligence.
Collaborate in real time
• Define different organizations and teams and get them to work in a dedicated or collaborative mode.
• Customize roles and permissions to isolate cases or allow users from different organizations to investigate them.
• Easily follow the collaboration progress with the live incident dashboard and real-time action visibility.
• Assign tasks to different users, check their progress, see statuses and avoid several people accidentally doing the same work.
Find out all there is to know
• Use more than 200 integrated analyzers to quickly learn if an observable is truly malicious.
• Get shared IOCs swiftly imported from MISP and ready to use or share with your communities.
• Import all MITRE ATT&CK Framework TTPs to your alert management.
• Import tactics and techniques of a particular case or alert or simply export them to a MISP event.
Automate analysis and response
• Leverage the power of our Cortex engine to automatically analyze up to hundreds of observables at once and trigger active responses.
Simplify your work
• Create cases and associated tasks using a simple yet powerful template engine.
• Add up to thousands of observables or import them directly from MISP or any alert on the platform.
• Identify similar cases and alerts, define the PAP (Permissible Actions Protocol) level on each observable.
• Customize templates, timelines and dashboards; create your own analyzers and responders.
StrangeBee is a cybersecurity company founded in 2018 by the creators of TheHive and Cortex. Since then, we’ve been constantly enhancing what we offer, always relying on our users’ feedback and keeping a close eye on what’s happening in the field. Today, we are a big international beehive based in Paris 🐝
2018
Year of establishment
X3
Yearly team expansion
50+
Countries using our products
18
Employee nationalities
About us
Get to know
our hive better
StrangeBee is a cybersecurity company founded in 2018 by the creators of TheHive and Cortex. Since then, we’ve been constantly enhancing what we offer, always relying on our users’ feedback and keeping a close eye on what’s happening in the field. Today, we are a big international beehive based in Paris 🐝
testimonials
What our users say
We have been using TheHive for many years for our internal needs and those of our customers. It is a tool we have seen evolve over time, which is simple to use and effective for our day-to-day operational activities. The SOAR component is quite relevant and efficiently allows for improving the operational load of SOC/CSIRT analysts. It facilitates our life and has a multitude of integration possibilities with third-party tools such as MISP.
Abdoulaye Fadiga
GM, Global Cyber Operations EU, BT Business
Thanks to the creative minds and community behind TheHive and Cortex, we can efficiently investigate alerts and threats at scale throughout our organization. Having TheHive allows the freedom to build, design, and integrate with all of our security analyst's tools.
Nicholas Penning
Cybersecurity architect, Bureau of Information and Telecommunications, State of South Dakota
CERT Arkéa has been using the TheHive/Cortex combo for several years. In addition to the monitoring of submitted cases, the analysis of IOCs and the automation of incident responses via Cortex are a huge added value to our daily activity. The ease of creating a responder allows us to interact with the various IS APIs (ticketing, proxy blacklisting, IP blocking, takedown of phishing sites). By industrializing and automating our processes via TheHive/Cortex, the analysts save precious time in resolving incidents.
Guillaume Roussel
CERT / CSIRT, ARKEA
My experience with TheHive platform was nothing short of exhilarating. It's like the turbocharged engine of our cybersecurity arsenal, accelerating our threatening message to new heights. TheHive’s sleek interface and top-tier customer support make it a true champion on the cybersecurity track. I am revved up to recommend it.
Software industry
TheHive is a very high-performance and scalable product, which is designed for different platforms, with a very good user-friendly interface.
Education industry
TheHive is incredibly adaptable to our workflow needs. Its alert management system and integration capabilities make it suitable for both small setups and large enterprises.
Manufacturing industry
TheHive is a pretty cool tool for dealing with cyber incidents. You can tweak it to fit your needs, and it plays well with other security tools. It's great for teamwork, helps you stay organized, and makes it easier to figure out which threats are serious.
IT services industry