Overview
TheHive - A scalable, open source and free Security Incident Response Platform, tightly integrated with MISP (Malware Information Sharing Platform), designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner dealing with security incidents that need to be investigated and acted upon swiftly. This AMI is brought to you by StrangeBee, the company founded by three co-creators of TheHive to provide its users with deep expertise and unique know-how. By doing so, StrangeBee boosts the development of the product, new features for TheHive & Cortex, and the ecosystem.
Highlights
- Incident Management
- Alert Triage
- Observable enrichment
Details
Typical total price
$1.752/hour
Pricing
Free trial
Instance type | Product cost/hour | EC2 cost/hour | Total/hour |
---|---|---|---|
m5.large | $1.24 | $0.096 | $1.336 |
m5.xlarge (Recommended) | $1.56 | $0.192 | $1.752 |
m5.2xlarge | $1.98 | $0.384 | $2.364 |
m5.4xlarge | $2.68 | $0.768 | $3.448 |
m5.8xlarge | $3.62 | $1.536 | $5.156 |
Additional AWS infrastructure costs
Type | Cost |
---|---|
EBS General Purpose SSD (gp2) volumes | $0.10 per GB/month of provisioned storage |
Vendor refund policy
We do not offer refunds for hourly usage fees after the free trial has expired, but you can cancel at any time.
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
This is the July 2022 TheHive v4 AMI update. It includes TheHive v4.1.23 along with Ubuntu 20.04.4 OS updates (change log available here: https://github.com/TheHive-Project/TheHive/releases). IMPORTANT - TheHive v4 will be supported until the end of 2022; consider upgrading to TheHive v5 (AMI already available: https://aws.amazon.com/marketplace/pp/prodview-gcjij3iscupae). Contact us at aws@strangebee.com if you need any help with that. We are also pleased to inform you that with the release of TheHive v5, the companion Cortex AMI is now a free product. Get it here: https://aws.amazon.com/marketplace/pp/prodview-6mcx44ljm4qla
Additional details
Usage instructions
We are pleased to introduce our new TheHive v4 AMI!
- You can easily initialise a new instance or restore a previous TheHive v4 instance using scripts included in the image.
- Data is stored on three dedicated volumes: database, storage attachments and indexes.
- The AMI is based on the official Ubuntu 20.04 LTS AMI from Canonical.
- The default OS hardening has been improved compared to our previous Ubuntu 18.04 based AMIs.
You can set up a new TheHive install or launch an instance with existing users and data. The AMI is updated with each TheHive release.
- TheHive runs as the unprivileged user "thehive" and listens for HTTP on port 9000. We encourage you never to open that port outside your VPC. Information on using the AWS Application Load Balancer or reverse proxies to handle TLS sessions is available on our website.
- ssh listens on port 22 and the default user is "ubuntu".
New install:
- Launch an instance from the AMI
- ssh with the "ubuntu" user
- Initialise and format the EBS volumes: /dev/sdh, /dev/sdi and /dev/sdj
- Launch the initialisation script with the EBS volume block device names as argument: /opt/thehive/ops/scripts/ops-thehive4-init.sh /dev/sdh /dev/sdi /dev/sdj
That's it! TheHive is now available on port 9000. The default admin account is "admin@thehive.local" with password "secret" (change it!).
For detailed instructions, including how to launch an instance with existing data, check our AMI usage instructions on our website: https://www.strangebee.com/iaas/documentation/aws-thehive4/
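A check for the advice above that port 9000 should never be reachable from outside the VPC, as an added example (not StrangeBee's code): it scans security-group ingress rules, in the shape returned by `aws ec2 describe-security-groups`, for sources outside an assumed VPC CIDR. The sample group, its ID and all CIDRs are constructed for illustration.

```python
import ipaddress

# Constructed sample shaped like one entry of `aws ec2 describe-security-groups`
# output; the group ID and CIDRs are made up for this example.
SAMPLE_GROUP = {
    "GroupId": "sg-EXAMPLE",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 9000, "ToPort": 9000,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 9100,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": []},
        {"IpProtocol": "-1",
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ],
}

THEHIVE_PORT = 9000  # TheHive's HTTP port, from the usage instructions

def rule_covers_port(perm, port):
    """True if the ingress rule applies to TCP traffic on `port`."""
    proto = perm.get("IpProtocol")
    if proto == "-1":          # "all traffic" rules carry no port range
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def exposed_sources(group, vpc_cidr, port=THEHIVE_PORT):
    """Return source CIDRs allowed to reach `port` that lie outside the VPC.

    Rules that reference another security group instead of a CIDR are ignored.
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    findings = []
    for perm in group.get("IpPermissions", []):
        if not rule_covers_port(perm, port):
            continue
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            src = ipaddress.ip_network(cidr, strict=False)
            # subnet_of() rejects mixed IPv4/IPv6, so compare versions first
            if not (src.version == vpc.version and src.subnet_of(vpc)):
                findings.append(cidr)
    return findings

if __name__ == "__main__":
    for cidr in exposed_sources(SAMPLE_GROUP, "10.0.0.0/16"):
        print(f"{SAMPLE_GROUP['GroupId']}: port {THEHIVE_PORT} open to {cidr}")
```

Passing `port=22` runs the same check against the ssh listener mentioned in the usage instructions.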
Support
Vendor support
For AMI usage related questions, contact us at aws@strangebee.com. Free product support is provided by the community. You can refer to the official documentation at https://docs.thehive-project.org. Use the community chat at https://chat.thehive-project.org to ask questions. StrangeBee also offers professional support. Visit our website for more information: https://strangebee.com/services
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Customer reviews
Incident Response Platform: TheHive
The platform is easy to set up, maintain, and use. There is also an active Discord community for sharing information and asking questions.
Opensource Case Management: TheHive
You can integrate TheHive with Cortex & Wazuh, which maintains a better security posture.
For integration purposes, you need the API key of hive, which helps us to integrate it with other software.
Also, you can create different dashboards to visualise the cases & alerts coming from the SIEM tool.
Also, there are different open-source tools like IRIS which can be considered competitors for TheHive.
Also, if your investigation is over, you can close the case with proper justification.
You can also integrate the tool with different SIEM, Threat Intel tools, etc.
Best Open Source Case management
TheHive Overview
Case Management
Product looks promising