back to the arsenal

// arsenal·Blue TeamIntermediateFOSS

TheHive

Open-source security incident response platform — case management for the SOC.

Blue Team

$ thehive --help

TheHive

// what it is

Description

Scalable SOAR-adjacent case management platform built around 'cases', 'tasks', and 'observables'. Pairs with Cortex (analyzer engine) and MISP (threat intel platform).

// use cases

What people use it for

IR case tracking
SOC ticket and workflow management

// facts

category: Blue Team
platforms: LIN
license: FOSS
difficulty: Intermediate

// links

// related in Blue Team

Blue TeamIntermediate

Snort

The original open-source network intrusion detection system.

Blue TeamIntermediate

Suricata

OISF's multi-threaded NIDS — modern Snort-rule-compatible alternative.

Blue TeamIntermediate

Wazuh

Open-source XDR + SIEM platform — OSSEC fork with modern dashboards.