TheHive
Security incident response platform: cases, tasks, observables, MISP sync, and timeline collaboration.
Why it is included
Widely used open case management for SOCs and CSIRTs.
Best for
Structured IR workflows with analyst teams and metrics.
Strengths
- Case model
- MISP integration
- Dashboards
Limitations
- Requires the companion tool Cortex for rich observable analysis
Good alternatives
RTIR · commercial SOAR/case tools
Related tools
Security & Privacy
Cortex
Observable analysis engine powering TheHive: run analyzers and responders against IOCs via a unified API.
MISP
Threat intelligence sharing platform: IOCs, galaxies, taxonomies, sync between communities, and API automation.
DFIR-IRIS
Collaborative incident response platform: cases, timelines, evidence, tasks, and integrations with MISP, VT, and webhooks.
OpenCTI
Open cyber threat intelligence platform with knowledge graph, connectors (MISP, STIX/TAXII), and investigation UI.
Shuffle
Open-source security automation (SOAR) with visual workflows, webhooks, and app integrations for SOC glue code.
Wazuh
Open security platform combining SIEM, XDR, file integrity monitoring, and compliance checks across endpoints and cloud.
