Overview
TheHive - A scalable Security Incident Response Platform, tightly integrated with MISP (Malware Information Sharing Platform), designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner dealing with security incidents that need to be investigated and acted upon swiftly.
This AMI is brought to you by StrangeBee, the company founded by three co-creators of TheHive to provide its users with deep expertise and a unique know-how. By doing so, StrangeBee boosts both the development of the product, new features for TheHive & Cortex as well as the ecosystem.
Highlights
- Security Incident Management
- Alert Triage
- Observable enrichment
Details
Sold by
Delivery method
Delivery option
64-bit (x86) Amazon Machine Image (AMI)
Latest version
Operating system
Ubuntu 20.04
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing and entitlements for this product are managed through an external billing relationship between you and the vendor. You activate the product by supplying a license purchased outside of AWS Marketplace, while AWS provides the infrastructure required to launch the product. AWS Subscriptions have no end date and may be canceled any time. However, the cancellation won't affect the status of the external license.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Vendor refund policy
There are no software fees charged by AWS to use this AMI. We offer no refund for other fees such as AWS infrastructure use. You can claim a free community license at https://www.strangebee.com/thehive/
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
*** AMI NOW BASED ON UBUNTU 24.04.2 LTS ***
AMI updated with TheHive v5.4.9, Cassandra v4.1.8 and ElasticSearch v7.17.28 (along with the latest Ubuntu 24.04.2 LTS OS updates).
Changelog available here: https://docs.strangebee.com/thehive/release-notes/release-notes-5.4/
Additional details
Usage instructions
Detailed AMI instructions are available at https://strangebee.com/thehive-iaas-aws/
Turnkey Terraform code to easily deploy TheHive and Cortex in a few minutes is available at: https://github.com/StrangeBeeCorp/cloud-distrib-resources/tree/master/aws
The companion Cortex AMI is now a free product, get it here: https://aws.amazon.com/marketplace/pp/prodview-6mcx44ljm4qla
SECURITY INFORMATION All sensitive information saved by customers is stored on the three (3) dedicated EBS data volumes attached to your instance: one volume for the Cassandra database, one volume for the database indexes and one volume for file storage (observables attached to TheHive cases). All data is thus located in the same region as your instance.
When using the recommended configuration, all EBS volumes (system and data) should be encrypted using your default regional KMS encryption key.
HEALTH CHECKS To assess and monitor the health and proper function of the application:
- navigate to your Amazon EC2 console and verify that you're in the correct region
- choose Instance and select your launched instance
- select the Status checks tab to review if your status checks passed or failed
TheHive listens on port 9000. You can configure your health checks to verify the following URL: http://server_ip:9000/api/status
Resources
Vendor resources
Support
Vendor support
For AMI usage related questions, contact us at aws@strangebee.com . You can refer to the official documentation at
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
MISP Threat Intelligence : Secured W/ Flatcar Linux
By Decyphertek
MISP is a professionally repackaged version of an open source Cyber Threat Intelligence Platform, enhanced with advanced security features and offered as a ready to deploy solution. While the core software remains open source, Decyphertek charges a fee for the added security enhancements and streamlined deployment process. This ensures users receive a secure, reliable, and enterprise grade solution without the complexities of manual setup.
SIEMonster
By SIEMonster Inc
SIEMonster is built by professional hackers with 20 years experience in cyber security.
V5 auto deploys providing a SIEM with XDR endpoint protection, SOAR, Threat detection with SOC playbooks, and the ability to process unlimited event-per-second (EPS) ingestion that scales for any-sized business
Customer reviews
No customer reviews yet
Be the first to write a review for this product.