TheHive Reviews

Name: TheHive
Brand: StrangeBee
Rating: 4.2 (3 reviews)

Vendor: StrangeBee

4.2 out of 5

3 reviews
100% willing to recommend

Leave a review

What is TheHive?

TheHive is an open-source incident response platform designed for security teams to efficiently manage and control security incidents. It enhances collaboration and streamlines workflow processes to address threats quickly.

Get the TheHive Buyer's Guide and find out what your peers are saying about TheHive and more!

Helped 891,869 peers since 2012

Featured TheHive reviews

Karsh Trivedi

Soc Analyst at Payatu

TheHive is actually quite beautiful and very optimized. If I had to improve anything, I would say that it could improve costing. TheHive is pretty expensive right now. With a low number of users, it works for how the business runs, but I feel that it is pretty expensive when you want to go for the commercial versions, which is where people might not want to go with it. Cost is the only downside, but it is the major downside. I would like to share an incident with you about a recent meeting I had with a client regarding TheHive. The only trigger that they had not to go with TheHive was the cost. Everything looked very good and was very fine, but the costing part was hard. The costing part was something that made them hold off on TheHive and choose a different solution. Over the years, TheHive has improved significantly in how the platform is used and how cases are managed. One good feature that I appreciated when I moved from TheHive 4 to TheHive 5 was the dark mode. When Strange Bee did the rebranding and made it a closed-source product, they added the dark mode feature, which I need because I am not good with light screens. TheHive was the only tool having only white mode capabilities. Once they added it, they have improved a lot. Many connectors are added, and many more integrations are possible now with TheHive. Basically, the appearance, performance, and integrations have improved a lot over the years.

Read full review

Kalpesh Pawar

Technical Head Cloud Services at Softcell Technologies Limited

TheHive offers centralized multi-tenant case management, which helps us to manage incidents for multiple customers with proper segregation and audit tracking. TheHive's Cortex integration for automation enables enrichment and automated response actions, reducing SOC overload. Additionally, custom workflows and task templates standardize incident handling across projects and improve operational consistency. The Cortex integration has had the biggest impact on my team's day-to-day work. It automates IOC analysis and response actions directly from cases, which reduces manual integrations, investigation efforts, and analyst workload significantly. It also improves response speed and consistency across all customer incidents. We also value observable management in our operations. TheHive has positively impacted my organization by improving the structured handling of IOCs, IPs, hashes, and domains, which enhances investigation accuracy. Tagging and case templates help standardize workflows across customers and projects, while API integration and support make it easy to connect with SIEMs, SOARs, and other cloud tools. TheHive has contributed to our organization positively by enabling us to see thirty to forty percent faster incident handling due to automated enrichment and structured case flow workflows. It has improved SOC efficiency with centralized case management and reduced manual tracking. Additionally, we have enhanced audit readiness and customer reporting with complete incident lifecycle visibility.

Read full review

Pavan Ingaleshwar

Soc Analyst at ISECURION

TheHive's best features include collaboration and case management built for security teams, especially IOCs and observable IOCs, IOC findings and handling, as well as adding screenshots, test domains, IPs, hashes, and files. Multiple analysts can work on the same incidents, integration is very friendly, and searching for historical cases is easy and very helpful. Integration with SIM, MISP, Cortex, Wazuh, ELK, and other tools is seamless; with a little bit of experience or documentation, any employee can manage it. Searching historical cases is useful for repeated threats and incidents, making it helpful for our team. TheHive has positively impacted our current organization by establishing a mature SOC process, improving visibility into open cases and open incidents, and reducing missed follow-ups. It allows for faster case ownership and accountability, along with better analyst and colleague coordination. In my experience, MTTR improves around 25 to 35 percent, and case tracking efficiency has significantly improved. Additionally, it has resulted in less duplicate analyst effort, which is a positive outcome, and easier handover between shifts is also helpful.

Read full review

TheHive mindshare

As of April 2026, the mindshare of TheHive in the AWS Marketplace category stands at 0.2%, down from 0.3% compared to the previous year, according to calculations based on PeerSpot user engagement data.

AWS Marketplace Mindshare Distribution
Product	Mindshare (%)
TheHive	0.2%
WaitTime Gate Queue	0.5%
HZWTech Device Studio	0.5%
Other	98.8%

AWS Marketplace

PeerResearch reports based on TheHive reviews

Type	Title	Date
Product	Reviews, tips, and advice from real users	Apr 28, 2026	Download

Key learnings from peers

Last updated Apr 19, 2026

Valuable Features

"TheHive has positively impacted our current organization by establishing a mature SOC process, improving visibility into open cases and open incidents, and reducing missed follow-ups."
"TheHive has contributed to our organization positively by enabling us to see thirty to forty percent faster incident handling due to automated enrichment and structured case flow workflows."
"The people at TheHive have made it very customizable, flexible, and very security-centric, as they understand what a particular incident responder or security team needs and provide it quite well."

Room for Improvement

"TheHive's user interface could be improved, as new analysts need some training."
"However, I did not give it a perfect ten because it has some minor gaps in reporting, UI, and automation latency, which prevented it from achieving a higher score of ten."
"Cost is the only downside, but it is the major downside."

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our TheHive Buyer's Guide for additional reliable information.

Top industries

By visitors reading reviews

Construction Company

30%

Media Company

11%

Manufacturing Company

Comms Service Provider

Government

University

Computer Software Company

Educational Organization

Financial Services Firm

Insurance Company

Outsourcing Company

Healthcare Company

Transportation Company

Wholesaler/Distributor

Aerospace/Defense Firm

Consumer Goods Company

Performing Arts

Real Estate/Law Firm

Retailer

Wellness & Fitness Company

Learn more about TheHive

TheHive provides a collaborative environment for cybersecurity professionals, facilitating efficient handling of security events, intelligence collection, and threat analyses. It integrates with a variety of security tools, offering a flexible solution adaptable to different security architectures. Users appreciate its capacity to customize workflows and its compatibility with technologies that enhance incident management and reporting capabilities.

What are the most important features of TheHive?

Scalability: Easily adapts to the size and scale of operations.
Integration Capabilities: Connects seamlessly with security tools.
Customizable Workflows: Tailors processes to suit team requirements.
Collaboration Tools: Facilitates team communication for efficient incident management.
Threat Intelligence Sharing: Enhances threat understanding through shared insights.

What benefits and ROI should users consider in reviews?

Improved Response Times: Streamlines incident management for faster threat resolution.
Cost Efficiency: Open-source model reduces costs associated with incident management.
Enhanced Team Collaboration: Tools designed to improve teamwork and coordination.
Flexibility: Customizable features offer adaptability to specific operational needs.

In industries such as finance, healthcare, and telecom, TheHive improves incident response by enabling analysts to collaborate in real-time, effectively mitigate threats, and comply with stringent regulatory requirements. Its flexibility allows the integration of bespoke security tools, making it an effective asset in industry-specific applications.

Product Categories

AWS Marketplace

TheHive Reviews Summary
Author info	Rating	Review Summary
Soc Analyst at Payatu	4.0	TheHive significantly improved my incident response with its excellent case management and integrations. While I find it highly effective and customizable, the main drawback is its high cost, which often deters potential users.
Technical Head Cloud Services at Softcell Technologies Limited	4.0	I use TheHive for multi-customer incident response, appreciating its multi-tenant case management and Cortex integration for automation, boosting efficiency by 30-40%. Despite minor UI/reporting limitations and automation latency, it's a very effective solution.
Soc Analyst at ISECURION	4.5	TheHive structures security alerts into collaborative investigation cases, greatly improving our incident response efficiency and MTTR. While the UI needs work, I recommend it for SOC teams to replace manual tracking and generic systems.

TheHive Reviews

What is TheHive?

Featured TheHive reviews

TheHive mindshare

PeerResearch reports based on TheHive reviews

Valuable Features

Room for Improvement

Top industries

Learn more about TheHive

Related questions

Product Categories