A scalable, open source and free Security Incident Response Platform, tightly integrated with MISP (Malware Information Sharing Platform), designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner dealing with security incidents that need to be investigated and acted upon swiftly.
Thanks to Cortex, observables such as IP and email addresses, URLs, domain names, files or hashes can be analyzed using a Web interface. Analysts can also automate these operations and submit large sets of observables from TheHive or through the Cortex REST API from alternative SIRP platforms, custom scripts or MISP. When used in conjunction with TheHive, Cortex greatly facilitates the containment phase thanks to its Active Response features.
A Python API client for TheHive.
A team of hard-working enthusiastic people who helped this project come to life.
If you are looking for training, limited professional support or analyzer development assistance, or if you have other specific requests, please contact us at [email protected]. We can directly provide such services through Creative Source, a non-profit organization we created to sustain TheHive Project.
If you'd like to make a donation to support TheHive Project, you can do so as well through Creative Source. Please contact us at [email protected] to get more information. Thank you!