StrangeBee is the company behind TheHive — a modern, scalable, and open-core Security Incident Response Platform (SIRP) designed to help SOCs and CSIRTs handle incidents efficiently. Founded by former CERT and SOC professionals, StrangeBee is committed to operationalizing security response through automation, collaboration, and transparency.
With widespread adoption across government, finance, and critical infrastructure sectors, StrangeBee supports compliance initiatives in the Middle East such as NCA ECC, SAMA, and ISO 27001. Its offerings help SOCs and MSSPs standardize response workflows, improve threat visibility, and shorten resolution timelines.



TheHive Platform
Summary: Centralized case management for security operations teams
TheHive is an incident response platform that supports multi-user collaboration, alert triage, investigation tracking, and evidence management in a single UI. It enables SOCs to structure their response processes, reduce dwell time, and improve case throughput.
Key Capabilities:
– Alert ingestion and triage from SIEM, EDR, TIP, etc.
– Case lifecycle and task management with SLA tracking
– Linked observables, tagging, and threat correlation
– Role-based access control and team collaboration
– Real-time dashboards, statistics, and reporting
Why it matters:
SOCs are overwhelmed by alerts and fragmented workflows. TheHive provides a structured, efficient way to manage and close incidents faster with full accountability.

Cortex
Summary: Automated threat enrichment and response actions
Cortex is a companion engine designed to automate the execution of analyzers and responders. It enables TheHive users to enrich observables and trigger response actions automatically — without switching tools.
Key Capabilities:
– 150+ prebuilt analyzers for enrichment (VirusTotal, Shodan, MISP, etc.)
– Custom responders to quarantine hosts, disable accounts, etc.
– Scalable API for integration with TheHive and external tools
– Parallel execution for faster response automation
Why it matters:
Manual enrichment slows down investigations. With Cortex, StrangeBee enables SOC teams to automate intelligence gathering and streamline repeatable response actions.

TheHive SaaS
Summary: Fully managed SIRP for teams that want rapid deployment and scale
TheHive SaaS is a cloud-native version of the platform, hosted and operated by StrangeBee with enterprise-grade SLAs, maintenance, and updates. It is ideal for smaller SOCs or distributed teams looking to avoid infrastructure overhead.
Key Capabilities:
– Secure, GDPR-compliant SaaS environment
– Fully managed platform with no installation or maintenance
– Available via EU or global cloud instances
– Multi-tenant design suitable for MSSPs
Why it matters:
Not every team can deploy and manage on-prem systems. TheHive SaaS enables fast adoption with enterprise capabilities and flexible subscription models.

