StrangeBee TheHive IaaS Images

StrangeBee TheHive is a collaborative case management platform designed for security analysts to manage and respond to security incidents. Available as Amazon Machine Images (AMI) on AWS and Azure, TheHive provides automated deployment with DevSecOps-friendly architecture. The platform stores data on dedicated EBS volumes for Cassandra database, storage attachments, and indexes, making operations like backups, restores, and upgrades straightforward. Built on Ubuntu 20.04 LTS with hardened OS configuration, the AMI is production-ready and automatically updated when new versions are released. TheHive runs on port 9000 and is designed to be deployed within a VPC, exposed through load balancers or reverse proxies for TLS handling. The platform includes automated initialization and restore scripts for easy deployment and migration. It works alongside Cortex, an observable analysis and incident response engine that speeds up security investigations. TheHive uses secure cookies by default and includes nightly backup jobs for application configuration. The platform supports migration from TheHive v3 and v4, with detailed upgrade paths provided. Data volumes are encrypted with KMS keys and persist after instance termination to prevent accidental data loss. The solution is designed for security operations centers requiring collaborative incident management capabilities with cloud-native deployment options.