    TheHive v4 Official AMI

    Sold by: StrangeBee 
    Free Trial
    A 4-in-1 Security Incident Response Platform

    Overview

    TheHive is a scalable, open source and free Security Incident Response Platform, tightly integrated with MISP (Malware Information Sharing Platform), designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner dealing with security incidents that need to be investigated and acted upon swiftly. This AMI is brought to you by StrangeBee, the company founded by three co-creators of TheHive to provide its users with deep expertise and unique know-how. By doing so, StrangeBee supports the development of the product, new features for TheHive & Cortex, and the ecosystem.

    Highlights

    • Incident Management
    • Alert Triage
    • Observable enrichment

    Details

    Delivery method

    Delivery option
    64-bit (x86) Amazon Machine Image (AMI)

    Latest version

    Operating system
    Ubuntu 20.04

    Typical total price

    This estimate is based on use of the seller's recommended configuration (m5.xlarge) in the US East (N. Virginia) Region.

    $1.752/hour

    Features and programs

    Financing for AWS Marketplace purchases

    AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.

    Pricing

    Free trial

    Try this product at no cost for 5 days according to the free trial terms set by the vendor. Usage-based pricing is in effect for usage beyond the free trial terms. Your free trial gets automatically converted to a paid subscription when the trial ends, but may be canceled any time before that.

    Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time. Alternatively, you can pay upfront for a contract, which typically covers your anticipated usage for the contract duration. Any usage beyond the contract will incur additional usage-based costs.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.

    Usage costs (5)

    Instance type             Product cost/hour   EC2 cost/hour   Total/hour
    m5.large                  $1.24               $0.096          $1.336
    m5.xlarge (Recommended)   $1.56               $0.192          $1.752
    m5.2xlarge                $1.98               $0.384          $2.364
    m5.4xlarge                $2.68               $0.768          $3.448
    m5.8xlarge                $3.62               $1.536          $5.156

    Additional AWS infrastructure costs

    Type                                    Cost
    EBS General Purpose SSD (gp2) volumes   $0.10/per GB/month of provisioned storage

    Vendor refund policy

    We do not offer refunds for hourly usage fees after the free trial has expired, but you can cancel at any time.

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA).

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information


    Delivery details

    64-bit (x86) Amazon Machine Image (AMI)

    Amazon Machine Image (AMI)

    An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.

    Version release notes

    This is the July 2022 TheHive v4 AMI update. It includes TheHive v4.1.23 along with Ubuntu 20.04.4 OS updates (change log available here: https://github.com/TheHive-Project/TheHive/releases). IMPORTANT - TheHive v4 will be supported until the end of 2022; consider upgrading to TheHive v5 (AMI already available: https://aws.amazon.com/marketplace/pp/prodview-gcjij3iscupae). Contact us at aws@strangebee.com if you need any help with that. We are also pleased to inform you that with the release of TheHive v5, the companion Cortex AMI is now a free product. Get it here: https://aws.amazon.com/marketplace/pp/prodview-6mcx44ljm4qla

    Additional details

    Usage instructions

    We are pleased to introduce our new TheHive v4 AMI!

    • You can easily initialise a new instance or restore a previous TheHive v4 instance using scripts included in the image.
    • Data is stored on three dedicated volumes: database, storage attachments and indexes.
    • The AMI is based on the official Ubuntu 20.04 LTS AMI from Canonical.
    • The default OS hardening has been improved compared to our previous Ubuntu 18.04 based AMIs.

    You can set up a new TheHive install or launch an instance with existing users and data. The AMI is updated with each TheHive release.

    • TheHive runs as the unprivileged user "thehive" and listens on HTTP port 9000. We encourage you never to open that port outside your VPC. Information on using the AWS Application Load Balancer or reverse proxies to handle TLS sessions is available on our website.
    • ssh listens on port 22 and the default user is "ubuntu".

    New install:

    • Launch an instance from the AMI
    • ssh with the "ubuntu" user
    • Initialise and format the EBS volumes: /dev/sdh, /dev/sdi and /dev/sdj
    • Launch the initialisation script with the EBS volume block device names as arguments: /opt/thehive/ops/scripts/ops-thehive4-init.sh /dev/sdh /dev/sdi /dev/sdj

    That's it! TheHive is now available on port 9000. The default admin account is "admin@thehive.local" with password "secret" (change it!).

    For detailed instructions, including how to launch an instance with existing data, check our AMI usage instructions on our website: https://www.strangebee.com/iaas/documentation/aws-thehive4/ 
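
    A check for the advice above to keep port 9000 inside the VPC, as an added example that is not part of the vendor's instructions: it reads the JSON shape returned by `aws ec2 describe-security-groups` and reports ingress rules that reach a port from a CIDR outside the VPC. The sample groups, their ids and the 10.0.0.0/16 VPC range are constructed; rules that reference other security groups or prefix lists are not evaluated.

```python
import ipaddress

def exposed_rules(describe_output, vpc_cidr, port=9000):
    """Return (group_id, source_cidr) for each ingress rule that admits
    traffic to `port` from a source that is not inside `vpc_cidr`."""
    vpc = ipaddress.ip_network(vpc_cidr)
    findings = []
    for group in describe_output["SecurityGroups"]:
        for perm in group.get("IpPermissions", []):
            proto = perm["IpProtocol"]
            if proto == "-1":
                # "-1" means every protocol and every port; no port range is given.
                lo, hi = 0, 65535
            elif proto == "tcp":
                lo, hi = perm["FromPort"], perm["ToPort"]
            else:
                continue  # udp/icmp rules cannot reach the HTTP listener
            if not lo <= port <= hi:
                continue
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for src in sources:
                net = ipaddress.ip_network(src, strict=False)
                # subnet_of() needs matching IP versions, so compare those first.
                if net.version == vpc.version and net.subnet_of(vpc):
                    continue
                findings.append((group["GroupId"], src))
    return findings

# Constructed sample in the describe-security-groups output shape.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-EXAMPLE-open", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 9000, "ToPort": 9000,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}]}]},
    {"GroupId": "sg-EXAMPLE-vpc", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 9000, "ToPort": 9000,
         "IpRanges": [{"CidrIp": "10.0.1.0/24"}]}]},
    {"GroupId": "sg-EXAMPLE-all", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]}

if __name__ == "__main__":
    for group_id, src in exposed_rules(SAMPLE, "10.0.0.0/16"):
        print(f"{group_id}: port 9000 reachable from {src}")
```

    Pass `port=22` to run the same check against the ssh listener.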

    Support

    Vendor support

    For AMI usage related questions, contact us at aws@strangebee.com. Free product support is provided by the community. You can refer to the official documentation at https://docs.thehive-project.org. Use the community chat at https://chat.thehive-project.org to ask questions. StrangeBee also offers professional support. Visit our website for more information: https://strangebee.com/services

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Customer reviews

    Ratings and reviews

    0 ratings
    0 AWS reviews | 18 external reviews
    External reviews are sourced from G2 and are not included in the star rating for this product.

    Sam F.

    Incident Response Platform: TheHive

    Reviewed on May 29, 2024
    Review provided by G2
    What do you like best about the product?
    The platform plays a critical role in our incident response. It integrates with and automates many of our processes for our analysts, helping to decrease our response times.

    The platform is easy to set up, maintain, and use. There is also an active Discord community for sharing information and asking questions.
    What do you dislike about the product?
    None. We've fed back any problems we've had, which've all been taken onboard and resolved.
    What problems is the product solving and how is that benefiting you?
    The platform helps us automate our incident response processes and stores and correlates much of our data.
    Rohan G.

    Opensource Case Management: TheHive

    Reviewed on Jun 23, 2023
    Review provided by G2
    What do you like best about the product?
    TheHive is an open source tool which helps us to create & merge cases in which you are working.

    You can integrate TheHive with Cortex & Wazuh, which maintains a better security posture.

    For integration purposes, you need the API key of hive, which helps us to integrate it with other software.

    Also you can create different dashboards to visualise the cases & alerts coming from SIEM tool.
    What do you dislike about the product?
    TheHive5 is not open source; it is a paid tool, and you have to pay to use it.

    Also there are different open source tools like IRIS which can be considered competitors for TheHive.
    What problems is the product solving and how is that benefiting you?
    TheHive helps us to solve the problem of tracking down the incident and also you can assign the tasks to your teammates & track down the case.

    Also if your investigation is over, you can close this case with proper justification.

    You can also integrate the tool with different SIEM, Threat Intel tools, etc.
    Satykam A.

    Best Open Source Case management

    Reviewed on Jun 03, 2022
    Review provided by G2
    What do you like best about the product?
    Best part of TheHive is its integration with multiple threat intelligence tools like Cortex and MISP
    What do you dislike about the product?
    Some of the modules are not working properly; the rest is all fine.
    What problems is the product solving and how is that benefiting you?
    Best for SOC team for incident response and case management
    Yash P.

    Thehive Overview

    Reviewed on Dec 08, 2021
    Review provided by G2
    What do you like best about the product?
    Easy to use and Configure. Various Integration with various threat intel tools.
    What do you dislike about the product?
    Sometimes it's the cortex module's analyzers not working properly.
    What problems is the product solving and how is that benefiting you?
    Using TheHive we get all alerts from our SIEM tool to thehive and easily manage. Immense benefits.
    Computer & Network Security

    Case Management

    Reviewed on Dec 08, 2021
    Review provided by G2
    What do you like best about the product?
    Integration with Cortex (threat intelligence) and MISP (threat exchange)
    What do you dislike about the product?
    Looks fine, nothing missing in it.
    Product looks promising
    What problems is the product solving and how is that benefiting you?
    Incident Response and Incident Handling is performed and managed very nicely.