[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"workflow-asset-7cba92d5":3,"seo:featured-workflow:7cba92d5-4e41-11f1-9bc6-00163e2b0d79:fr":84,"workflow-related-asset-7cba92d5-7cba92d5-4e41-11f1-9bc6-00163e2b0d79":85},{"id":4,"uuid":5,"slug":6,"title":7,"description":8,"author_id":9,"author_name":10,"author_avatar":11,"token_estimate":12,"time_saved":12,"model_used":13,"fork_count":12,"vote_count":12,"view_count":14,"parent_id":12,"parent_uuid":13,"lang_type":15,"steps":16,"tags":23,"has_voted":29,"visibility":19,"share_token":13,"is_featured":12,"content_hash":30,"asset_kind":31,"target_tools":32,"install_mode":36,"entrypoint":20,"risk_profile":37,"dependencies":40,"verification":45,"agent_metadata":48,"agent_fit":60,"trust":71,"provenance":80,"created_at":82,"updated_at":83},3380,"7cba92d5-4e41-11f1-9bc6-00163e2b0d79","asset-7cba92d5","TheHive — Open Source Security Incident Response Platform","TheHive is a scalable, open-source security incident response platform that helps SOC teams investigate alerts, collaborate on cases, and automate response workflows.","8a911193-3180-11f1-9bc6-00163e2b0d79","AI Open Source","https:\u002F\u002Ftokrepo.com\u002Fapple-touch-icon.png",0,"",2,"en",[17],{"id":18,"step_order":19,"title":20,"description":13,"prompt_template":21,"variables":13,"depends_on":22,"expected_output":13},3943,1,"TheHive Overview","# TheHive — Open Source Security Incident Response Platform\n\n## Quick Use\n```bash\n# Run TheHive 5 with Docker Compose\nwget https:\u002F\u002Fraw.githubusercontent.com\u002FTheHive-Project\u002FDocker\u002Fmain\u002Fdocker-compose.yml\ndocker compose up -d\n# Access the web UI at http:\u002F\u002Flocalhost:9000\n# Default credentials: admin@thehive.local \u002F secret\n```\n\n## Introduction\nTheHive is an open-source Security Incident Response Platform (SIRP) designed for SOC analysts, incident responders, and security teams. It provides a collaborative workspace for creating security cases, tracking observables like IP addresses and file hashes, running automated analyzers through Cortex, and sharing threat intelligence with MISP.\n\n## What TheHive Does\n- Creates and manages security incident cases with tasks, logs, and observables\n- Integrates with Cortex to run automated analysis on observables (IPs, hashes, URLs)\n- Connects to MISP for bidirectional threat intelligence sharing\n- Supports alert ingestion from SIEM systems, email, and custom sources\n- Provides role-based access control with multi-tenant organization support\n\n## Architecture Overview\nTheHive 5 uses a Scala-based backend with a Lucene-powered search index and supports Cassandra, Elasticsearch, or a built-in database for storage. The web frontend communicates via a REST API. Cortex runs as a separate service for observable analysis, executing analyzer modules in Docker containers. Alerts flow into TheHive from external systems via webhooks or the API, where analysts triage them into cases.\n\n## Self-Hosting & Configuration\n- Deploy with Docker Compose including TheHive, Cortex, Cassandra, and Elasticsearch\n- Configure authentication with local accounts, LDAP, Active Directory, or OAuth2\u002FSAML\n- Set up Cortex analyzers by enabling Docker-based responder and analyzer modules\n- Connect to MISP instances for automated threat intelligence enrichment\n- Configure alert sources from your SIEM, email gateway, or custom scripts via the API\n\n## Key Features\n- Case templates with pre-defined tasks for standardized incident response procedures\n- Observable enrichment through 100+ Cortex analyzers (VirusTotal, AbuseIPDB, Shodan, etc.)\n- Multi-tenant architecture for MSSPs and large organizations\n- Dashboard and metrics for tracking mean time to respond and case throughput\n- Webhook-based automation for triggering actions on case state changes\n\n## Comparison with Similar Tools\n- **Splunk SOAR** — commercial SOAR platform; TheHive is free and open-source\n- **IBM QRadar SOAR** — enterprise incident response; TheHive is self-hosted with no license cost\n- **DFIR-IRIS** — lighter incident response tool; TheHive has deeper Cortex and MISP integration\n- **Shuffle** — open-source SOAR focused on automation; TheHive focuses on case management\n- **ServiceNow SecOps** — enterprise ITSM with security modules; TheHive is purpose-built for SOC workflows\n\n## FAQ\n**Q: Is TheHive free for commercial use?**\nA: TheHive 5 has a free community edition. Some advanced features require a license.\n\n**Q: Can TheHive integrate with my SIEM?**\nA: Yes. TheHive accepts alerts via its REST API. Connectors exist for Elastic SIEM, Wazuh, QRadar, and others.\n\n**Q: What is Cortex and do I need it?**\nA: Cortex is a companion tool that runs automated analyzers on observables. It is optional but highly recommended for enrichment workflows.\n\n**Q: How does TheHive differ from a ticketing system?**\nA: TheHive is specialized for security incidents with observable tracking, analyzer integration, and threat intelligence sharing that generic ticketing systems lack.\n\n## Sources\n- https:\u002F\u002Fgithub.com\u002FTheHive-Project\u002FTheHive\n- https:\u002F\u002Fdocs.strangebee.com\u002F","0",[24],{"id":25,"name":26,"slug":27,"icon":28},12,"Configs","config","⚙️",false,"c02ca02961c717627fb6f2a2491b9007b8603c370b4fb29ee0c5a85336171082","skill",[33,34,35],"claude_code","codex","gemini_cli","single",{"executes_code":29,"modifies_global_config":29,"requires_secrets":38,"uses_absolute_paths":29,"network_access":39},[],true,{"npm":41,"pip":42,"brew":43,"system":44},[],[],[],[],{"commands":46,"expected_files":47},[],[20],{"asset_kind":31,"target_tools":49,"install_mode":36,"entrypoint":20,"risk_profile":50,"dependencies":52,"content_hash":30,"verification":57,"inferred":39},[33,34,35],{"executes_code":29,"modifies_global_config":29,"requires_secrets":51,"uses_absolute_paths":29,"network_access":39},[],{"npm":53,"pip":54,"brew":55,"system":56},[],[],[],[],{"commands":58,"expected_files":59},[],[20],{"target":34,"score":61,"status":62,"policy":63,"why":64,"asset_kind":31,"install_mode":36},64,"needs_confirmation","confirm",[65,66,67,68,69,70],"target_tools includes codex","asset_kind skill","install_mode single","policy confirm","risk_profile.network_access is true","trust established",{"author_trust_level":72,"verified_publisher":29,"asset_signed_hash":30,"signature_status":73,"install_count":12,"report_count":12,"dangerous_capability_badges":74,"review_status":76,"signals":77},"established","hash_only",[75],"network_access","unreviewed",[78,79],"author has published assets","content hash available",{"owner_uuid":9,"owner_name":10,"source_url":81,"content_hash":30,"visibility":19,"created_at":82,"updated_at":83},"https:\u002F\u002Ftokrepo.com\u002Fen\u002Fworkflows\u002Fasset-7cba92d5","2026-05-13 04:30:59","2026-05-13 05:36:49",null,[86,145,193,240],{"id":87,"uuid":88,"slug":89,"title":90,"description":91,"author_id":9,"author_name":10,"author_avatar":11,"token_estimate":12,"time_saved":12,"model_used":13,"fork_count":12,"vote_count":12,"view_count":92,"parent_id":12,"parent_uuid":13,"lang_type":15,"steps":93,"tags":94,"has_voted":29,"visibility":19,"share_token":13,"is_featured":12,"content_hash":96,"asset_kind":31,"target_tools":97,"install_mode":36,"entrypoint":98,"risk_profile":99,"dependencies":101,"verification":106,"agent_metadata":109,"agent_fit":121,"trust":129,"provenance":133,"created_at":135,"updated_at":136,"__relatedScore":137,"__relatedReasons":138,"__sharedTags":143},2517,"f4bfdd1c-4623-11f1-9bc6-00163e2b0d79","asset-f4bfdd1c","OneUptime — Complete Open-Source Monitoring and Incident Management Platform","Unified monitoring, status pages, incident management, and on-call scheduling in a single self-hosted platform. Replace multiple paid tools with one open-source solution.",56,[],[95],{"id":25,"name":26,"slug":27,"icon":28},"9afd6fb4eaa8e58c767290a9d1adab1a846d9a8b00f0614c7efdf939d88d8a79",[33,34,35],"OneUptime Monitoring Platform",{"executes_code":29,"modifies_global_config":29,"requires_secrets":100,"uses_absolute_paths":29,"network_access":29},[],{"npm":102,"pip":103,"brew":104,"system":105},[],[],[],[],{"commands":107,"expected_files":108},[],[98],{"asset_kind":31,"target_tools":110,"install_mode":36,"entrypoint":98,"risk_profile":111,"dependencies":113,"content_hash":96,"verification":118},[33,34,35],{"executes_code":29,"modifies_global_config":29,"requires_secrets":112,"uses_absolute_paths":29,"network_access":29},[],{"npm":114,"pip":115,"brew":116,"system":117},[],[],[],[],{"commands":119,"expected_files":120},[],[98],{"target":34,"score":122,"status":123,"policy":124,"why":125,"asset_kind":31,"install_mode":36},98,"native","allow",[65,66,67,126,127,128,70],"markdown-only","policy allow","safe markdown-only Codex install",{"author_trust_level":72,"verified_publisher":29,"asset_signed_hash":96,"signature_status":73,"install_count":12,"report_count":12,"dangerous_capability_badges":130,"review_status":76,"signals":131},[],[78,79,132],"no dangerous capability badges",{"owner_uuid":9,"owner_name":10,"source_url":134,"content_hash":96,"visibility":19,"created_at":135,"updated_at":136},"https:\u002F\u002Ftokrepo.com\u002Fen\u002Fworkflows\u002Fasset-f4bfdd1c","2026-05-02 20:39:26","2026-05-13 04:04:55",126.63381228350873,[139,140,141,142],"topic-match","same-kind","same-target","same-author",[27,144],"configs",{"id":146,"uuid":147,"slug":148,"title":149,"description":150,"author_id":9,"author_name":10,"author_avatar":11,"token_estimate":12,"time_saved":12,"model_used":13,"fork_count":12,"vote_count":12,"view_count":151,"parent_id":12,"parent_uuid":13,"lang_type":15,"steps":152,"tags":153,"has_voted":29,"visibility":19,"share_token":13,"is_featured":12,"content_hash":155,"asset_kind":31,"target_tools":156,"install_mode":36,"entrypoint":157,"risk_profile":158,"dependencies":160,"verification":165,"agent_metadata":168,"agent_fit":180,"trust":182,"provenance":186,"created_at":188,"updated_at":189,"__relatedScore":190,"__relatedReasons":191,"__sharedTags":192},2237,"cd9db66b-4236-11f1-9bc6-00163e2b0d79","prestashop-open-source-php-e-commerce-platform-cd9db66b","PrestaShop — Open-Source PHP E-Commerce Platform","A widely adopted open-source e-commerce platform written in PHP with a rich module marketplace, multi-language support, and a strong European user base.",165,[],[154],{"id":25,"name":26,"slug":27,"icon":28},"165ea797690b187c06c62995038e84af2d26a8e9a11b21971ce7cc9a3e88b64f",[33,34,35],"PrestaShop",{"executes_code":29,"modifies_global_config":29,"requires_secrets":159,"uses_absolute_paths":29,"network_access":29},[],{"npm":161,"pip":162,"brew":163,"system":164},[],[],[],[],{"commands":166,"expected_files":167},[],[157],{"asset_kind":31,"target_tools":169,"install_mode":36,"entrypoint":157,"risk_profile":170,"dependencies":172,"content_hash":155,"verification":177},[33,34,35],{"executes_code":29,"modifies_global_config":29,"requires_secrets":171,"uses_absolute_paths":29,"network_access":29},[],{"npm":173,"pip":174,"brew":175,"system":176},[],[],[],[],{"commands":178,"expected_files":179},[],[157],{"target":34,"score":122,"status":123,"policy":124,"why":181,"asset_kind":31,"install_mode":36},[65,66,67,126,127,128,70],{"author_trust_level":72,"verified_publisher":29,"asset_signed_hash":155,"signature_status":73,"install_count":12,"report_count":12,"dangerous_capability_badges":183,"review_status":76,"signals":184},[],[185,78,79,132],"asset has usage views",{"owner_uuid":9,"owner_name":10,"source_url":187,"content_hash":155,"visibility":19,"created_at":188,"updated_at":189},"https:\u002F\u002Ftokrepo.com\u002Fen\u002Fworkflows\u002Fprestashop-open-source-php-e-commerce-platform-cd9db66b","2026-04-27 20:44:17","2026-05-13 06:45:48",123.33016213206008,[139,140,141,142],[27,144],{"id":194,"uuid":195,"slug":196,"title":197,"description":198,"author_id":9,"author_name":10,"author_avatar":11,"token_estimate":12,"time_saved":12,"model_used":13,"fork_count":12,"vote_count":12,"view_count":199,"parent_id":12,"parent_uuid":13,"lang_type":15,"steps":200,"tags":201,"has_voted":29,"visibility":19,"share_token":13,"is_featured":12,"content_hash":203,"asset_kind":31,"target_tools":204,"install_mode":36,"entrypoint":205,"risk_profile":206,"dependencies":208,"verification":213,"agent_metadata":216,"agent_fit":228,"trust":230,"provenance":233,"created_at":235,"updated_at":236,"__relatedScore":237,"__relatedReasons":238,"__sharedTags":239},2654,"417d0387-47f9-11f1-9bc6-00163e2b0d79","asset-417d0387","OWASP ZAP — Open-Source Web Application Security Scanner","The most widely used open-source web application security scanner for finding vulnerabilities during development and penetration testing.",60,[],[202],{"id":25,"name":26,"slug":27,"icon":28},"957df97dc87a1a80bb20b5872e4843dfccb6e9a7bfc85cffd70bc26254307d26",[33,34,35],"OWASP ZAP Overview",{"executes_code":29,"modifies_global_config":29,"requires_secrets":207,"uses_absolute_paths":29,"network_access":29},[],{"npm":209,"pip":210,"brew":211,"system":212},[],[],[],[],{"commands":214,"expected_files":215},[],[205],{"asset_kind":31,"target_tools":217,"install_mode":36,"entrypoint":205,"risk_profile":218,"dependencies":220,"content_hash":203,"verification":225},[33,34,35],{"executes_code":29,"modifies_global_config":29,"requires_secrets":219,"uses_absolute_paths":29,"network_access":29},[],{"npm":221,"pip":222,"brew":223,"system":224},[],[],[],[],{"commands":226,"expected_files":227},[],[205],{"target":34,"score":122,"status":123,"policy":124,"why":229,"asset_kind":31,"install_mode":36},[65,66,67,126,127,128,70],{"author_trust_level":72,"verified_publisher":29,"asset_signed_hash":203,"signature_status":73,"install_count":12,"report_count":12,"dangerous_capability_badges":231,"review_status":76,"signals":232},[],[78,79,132],{"owner_uuid":9,"owner_name":10,"source_url":234,"content_hash":203,"visibility":19,"created_at":235,"updated_at":236},"https:\u002F\u002Ftokrepo.com\u002Fen\u002Fworkflows\u002Fasset-417d0387","2026-05-05 04:38:49","2026-05-13 04:35:54",122.67799475251616,[139,140,141,142],[27,144],{"id":241,"uuid":242,"slug":243,"title":244,"description":245,"author_id":9,"author_name":10,"author_avatar":11,"token_estimate":12,"time_saved":12,"model_used":13,"fork_count":12,"vote_count":12,"view_count":246,"parent_id":12,"parent_uuid":13,"lang_type":15,"steps":247,"tags":248,"has_voted":29,"visibility":19,"share_token":13,"is_featured":12,"content_hash":250,"asset_kind":31,"target_tools":251,"install_mode":36,"entrypoint":252,"risk_profile":253,"dependencies":255,"verification":260,"agent_metadata":263,"agent_fit":275,"trust":277,"provenance":280,"created_at":282,"updated_at":283,"__relatedScore":284,"__relatedReasons":285,"__sharedTags":286},2309,"3f002e33-431d-11f1-9bc6-00163e2b0d79","gophish-open-source-phishing-simulation-platform-3f002e33","Gophish — Open Source Phishing Simulation Platform","A self-hosted phishing simulation framework designed for security teams to test organizational awareness through realistic phishing campaigns with tracking and reporting.",126,[],[249],{"id":25,"name":26,"slug":27,"icon":28},"2fd3882c13939d059a44e8cf9c23860e099e9fc533a3e162b5382477c49cec67",[33,34,35],"Gophish Overview",{"executes_code":29,"modifies_global_config":29,"requires_secrets":254,"uses_absolute_paths":29,"network_access":39},[],{"npm":256,"pip":257,"brew":258,"system":259},[],[],[],[],{"commands":261,"expected_files":262},[],[252],{"asset_kind":31,"target_tools":264,"install_mode":36,"entrypoint":252,"risk_profile":265,"dependencies":267,"content_hash":250,"verification":272},[33,34,35],{"executes_code":29,"modifies_global_config":29,"requires_secrets":266,"uses_absolute_paths":29,"network_access":39},[],{"npm":268,"pip":269,"brew":270,"system":271},[],[],[],[],{"commands":273,"expected_files":274},[],[252],{"target":34,"score":61,"status":62,"policy":63,"why":276,"asset_kind":31,"install_mode":36},[65,66,67,68,69,70],{"author_trust_level":72,"verified_publisher":29,"asset_signed_hash":250,"signature_status":73,"install_count":12,"report_count":12,"dangerous_capability_badges":278,"review_status":76,"signals":279},[75],[185,78,79],{"owner_uuid":9,"owner_name":10,"source_url":281,"content_hash":250,"visibility":19,"created_at":282,"updated_at":283},"https:\u002F\u002Ftokrepo.com\u002Fen\u002Fworkflows\u002Fgophish-open-source-phishing-simulation-platform-3f002e33","2026-04-29 00:13:51","2026-05-13 03:14:08",117.15570558143393,[139,140,141,142],[27,144]]