Overview
TheHive - A scalable Security Incident Response Platform, tightly integrated with MISP (Malware Information Sharing Platform), designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner dealing with security incidents that need to be investigated and acted upon swiftly.
This AMI is brought to you by StrangeBee, the company founded by three co-creators of TheHive to provide its users with deep expertise and a unique know-how. By doing so, StrangeBee boosts both the development of the product, new features for TheHive & Cortex as well as the ecosystem.
Highlights
- Security Incident Management
- Alert Triage
- Observable enrichment
Details
Features and programs
Financing for AWS Marketplace purchases
Pricing
Additional AWS infrastructure costs
Type | Cost |
---|---|
EBS General Purpose SSD (gp2) volumes | $0.10/per GB/month of provisioned storage |
Vendor refund policy
There are no software fees charged by AWS to use this AMI. We offer no refund for other fees such as AWS infrastructure use. You can claim a free community license at https://www.strangebee.com/thehive/
Legal
Vendor terms and conditions
Content disclaimer
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
AMI updated with TheHive v5.4.0, Cassandra v4.1.7 and ElasticSearch v7.17.24 (along with the latest Ubuntu 20.04.6 LTS OS updates).
Changelog available here: https://docs.strangebee.com/thehive/release-notes/release-notes-5.2/
Additional details
Usage instructions
Detailed AMI instructions are available at https://strangebee.com/thehive-iaas-aws/
Turnkey Terraform code to easily deploy TheHive and Cortex in a few minutes is available at: https://github.com/StrangeBeeCorp/cloud-distrib-resources/tree/master/aws
The companion Cortex AMI is now a free product, get it here: https://aws.amazon.com/marketplace/pp/prodview-6mcx44ljm4qla
SECURITY INFORMATION All sensitive information saved by customers is stored on the three (3) dedicated EBS data volumes attached to your instance: one volume for the Cassandra database, one volume for the database indexes and one volume for file storage (observables attached to TheHive cases). All data is thus located in the same region as your instance.
When using the recommended configuration, all EBS volumes (system and data) should be encrypted using your default regional KMS encryption key.
HEALTH CHECKS To assess and monitor the health and proper function of the application:
- navigate to your Amazon EC2 console and verify that you're in the correct region
- choose Instance and select your launched instance
- select the Status checks tab to review if your status checks passed or failed
TheHive listens on port 9000. You can configure your health checks to verify the following URL: http://server_ip:9000/api/status
Resources
Vendor resources
Support
Vendor support
For AMI usage related questions, contact us at aws@strangebee.com . You can refer to the official documentation at https://docs.strangebee.com/thehive . Use the community chat at https://chat.thehive-project.org to ask questions. StrangeBee also offers professional support. Visit our website for more information:
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.