External Integrations Catalog
Community and vendor-built integrations that connect various platforms with TheHive and Cortex.
Overview
Total External Integrations: 10
External integrations are developed and maintained by vendors, community members, or third parties. They provide additional ways to connect TheHive with other security tools and platforms.
Browse by Type
app (1 integration)
TheHive 5 Integration - Shuffle
Native Shuffle app integration that enables workflow automation with TheHive 5 for automated case management, alert handling, and incident response orchestration
Documentation
connector (3 integrations)
falcon2thehive - CrowdStrike Falcon
Real-time connector that streams CrowdStrike Falcon detection events into TheHive, turning Falcon alerts into actionable TheHive Alerts. Supports DetectionSummaryEvent, IdentityProtectionEvent, and MobileDetectionSummaryEvent with automatic observable extraction and TTP mapping.
Documentation
TheHive Connector for Kibana - Elasticsearch
Native Kibana connector that allows Elasticsearch to create alerts and create cases in TheHive
Documentation
TheHive Project Connector - Tines
Native Tines credential connector that enables workflows to interact with TheHive for automated incident creation, updates, and case management
Documentation
extension (1 integration)
TheHive Extension - Rapid7 InsightConnect
Rapid7 InsightConnect extension that enables automated workflows with TheHive for case management, alert handling, and incident response orchestration
Documentation
integration (2 integrations)
TheHive Integration (via Polarity) - ThreatConnect
Polarity-TheHive integration that enables security analysts to search TheHive instances for indicators, create and manage cases, view case details including severity and status, and understand indicator context through summary tags for coordinated incident response
Documentation
TheHive Project Integration - Cortex XSOAR
Native Cortex XSOAR integration that enables bidirectional case synchronization, task management, observable handling, and automated workflows between XSOAR and TheHive with support for case merging and mirroring
Documentation
soar-connector (1 integration)
TheHive SOAR Connector - Splunk
Official Splunk SOAR connector with 16 actions for case management, task operations, observable handling, and TTP tracking to automate incident response workflows between Splunk and TheHive
Documentation
technical-addon (1 integration)
TheHive/Cortex Technical Add-on - Splunk
Bidirectional integration add-on that pulls case and alert events from TheHive, retrieves Cortex job information, and enables creating alerts/cases and executing functions in TheHive directly from Splunk searches and dashboards
Documentation
workflow-nodes (1 integration)
Cortex and TheHive Nodes - n8n
Pre-built workflow nodes that enable automated data transfer and task orchestration between n8n, Cortex analyzers/responders, and TheHive cases/alerts/observables
Documentation
Browse by Vendor Category
EDR (1 integration)
falcon2thehive - CrowdStrike Falcon
Real-time connector that streams CrowdStrike Falcon detection events into TheHive, turning Falcon alerts into actionable TheHive Alerts. Supports DetectionSummaryEvent, IdentityProtectionEvent, and MobileDetectionSummaryEvent with automatic observable extraction and TTP mapping.
Type: connector
Documentation
SIEM & Analytics (3 integrations)
TheHive Connector for Kibana - Elasticsearch
Native Kibana connector that allows Elasticsearch to create alerts and create cases in TheHive
Type: connector
Documentation
TheHive SOAR Connector - Splunk
Official Splunk SOAR connector with 16 actions for case management, task operations, observable handling, and TTP tracking to automate incident response workflows between Splunk and TheHive
Type: soar-connector
Documentation
TheHive/Cortex Technical Add-on - Splunk
Bidirectional integration add-on that pulls case and alert events from TheHive, retrieves Cortex job information, and enables creating alerts/cases and executing functions in TheHive directly from Splunk searches and dashboards
Type: technical-addon
Documentation
SOAR & Automation (5 integrations)
TheHive Project Integration - Cortex XSOAR
Native Cortex XSOAR integration that enables bidirectional case synchronization, task management, observable handling, and automated workflows between XSOAR and TheHive with support for case merging and mirroring
Type: integration
Documentation
Cortex and TheHive Nodes - n8n
Pre-built workflow nodes that enable automated data transfer and task orchestration between n8n, Cortex analyzers/responders, and TheHive cases/alerts/observables
Type: workflow-nodes
Documentation
TheHive Extension - Rapid7 InsightConnect
Rapid7 InsightConnect extension that enables automated workflows with TheHive for case management, alert handling, and incident response orchestration
Type: extension
Documentation
TheHive 5 Integration - Shuffle
Native Shuffle app integration that enables workflow automation with TheHive 5 for automated case management, alert handling, and incident response orchestration
Type: app
Documentation
TheHive Project Connector - Tines
Native Tines credential connector that enables workflows to interact with TheHive for automated incident creation, updates, and case management
Type: connector
Documentation
Threat Intelligence (1 integration)
TheHive Integration (via Polarity) - ThreatConnect
Polarity-TheHive integration that enables security analysts to search TheHive instances for indicators, create and manage cases, view case details including severity and status, and understand indicator context through summary tags for coordinated incident response
Type: integration
Documentation
All External Integrations by Vendor
Cortex XSOAR (1 integration)
TheHive Project Integration
Native Cortex XSOAR integration that enables bidirectional case synchronization, task management, observable handling, and automated workflows between XSOAR and TheHive with support for case merging and mirroring
Type: integration
Category: SOAR & Automation
Documentation: https://xsoar.pan.dev/docs/reference/integrations/the-hive-project
CrowdStrike Falcon (1 integration)
falcon2thehive
Real-time connector that streams CrowdStrike Falcon detection events into TheHive, turning Falcon alerts into actionable TheHive Alerts. Supports DetectionSummaryEvent, IdentityProtectionEvent, and MobileDetectionSummaryEvent with automatic observable extraction and TTP mapping.
Type: connector
Category: EDR
Documentation: https://github.com/StrangeBeeCorp/falcon2thehive
Elasticsearch (1 integration)
TheHive Connector for Kibana
Native Kibana connector that allows Elasticsearch to create alerts and create cases in TheHive
Type: connector
Category: SIEM & Analytics
Documentation: https://www.elastic.co/docs/reference/kibana/connectors-kibana/thehive-action-type
Rapid7 InsightConnect (1 integration)
TheHive Extension
Rapid7 InsightConnect extension that enables automated workflows with TheHive for case management, alert handling, and incident response orchestration
Type: extension
Category: SOAR & Automation
Documentation: https://extensions.rapid7.com/extension/thehive
Shuffle (1 integration)
TheHive 5 Integration
Native Shuffle app integration that enables workflow automation with TheHive 5 for automated case management, alert handling, and incident response orchestration
Type: app
Category: SOAR & Automation
Documentation: https://shuffler.io/apps/thehive/integrations/TheHive_5
Splunk (2 integrations)
TheHive SOAR Connector
Official Splunk SOAR connector with 16 actions for case management, task operations, observable handling, and TTP tracking to automate incident response workflows between Splunk and TheHive
Type: soar-connector
Category: SIEM & Analytics
Documentation: https://splunkbase.splunk.com/app/5939
TheHive/Cortex Technical Add-on
Bidirectional integration add-on that pulls case and alert events from TheHive, retrieves Cortex job information, and enables creating alerts/cases and executing functions in TheHive directly from Splunk searches and dashboards
Type: technical-addon
Category: SIEM & Analytics
Documentation: https://splunkbase.splunk.com/app/5329
ThreatConnect (1 integration)
TheHive Integration (via Polarity)
Polarity-TheHive integration that enables security analysts to search TheHive instances for indicators, create and manage cases, view case details including severity and status, and understand indicator context through summary tags for coordinated incident response
Type: integration
Category: Threat Intelligence
Documentation: https://threatconnect.com/marketplace/thehive/
Tines (1 integration)
TheHive Project Connector
Native Tines credential connector that enables workflows to interact with TheHive for automated incident creation, updates, and case management
Type: connector
Category: SOAR & Automation
Documentation: https://www.tines.com/solutions/products/thehive-project/
n8n (1 integration)
Cortex and TheHive Nodes
Pre-built workflow nodes that enable automated data transfer and task orchestration between n8n, Cortex analyzers/responders, and TheHive cases/alerts/observables
Type: workflow-nodes
Category: SOAR & Automation
Documentation: https://n8n.io/integrations/thehive-5/
This catalog is auto-generated. Do not edit manually.