TheHive v5.1 Elevates Cybersecurity Incident Response to a New Level

Once again, TheHive demonstrates how cybersecurity tools should adapt to your environment and processes, not the other way around!

TheHive v5.1 Elevates Cybersecurity Incident Response to a New Level
TheHive 5.1 - Fits like a glove

We are thrilled to announce the launch of the next major release of TheHive. TheHive v5.1 is the result of extensive research, development, and collaboration with our users and partners. It is a major step forward in the evolution of the platform, making it the most customizable version ever. With this release, users can expect to see significant improvements in their ability to respond to and manage cybersecurity incidents thanks to powerful new customization, automation, and reporting functionalities.

This release includes several highly anticipated new features such as the ability to apply multiple case templates, to set tasks as mandatory, to search all elements at once, to change case ownership and the possibility to perform actions when dealing with similar alerts, making it easier than ever to manage your daily flow of incident response. We are also introducing brand-new Functions that will change the way you receive data in TheHive from external systems and third-party services. Another key new feature is the ability to configure SAML providers in addition to OAuth2, which makes it easier for organizations to implement Single Sign-On and manage access to their security incident response data.

In addition, we have included a number of exciting enhancements as well. Dashboards and key performance indicators (KPIs) have been improved and extended to help you keep track of your progress and make informed decisions. On the security features of TheHive itself, we’ve added split permissions to let you better customize your user’s security profiles.

Overall, TheHive v5.1 represents a significant step forward in the evolution of incident response tools, and is designed to help organizations of all sizes to improve their ability to respond to cybersecurity incidents. With its powerful new features and enhancements, TheHive provides organizations with the tools they need to streamline incident response workflows and improve the overall efficiency of their security operations.


We are publishing two additional blog posts that detail the new and improved features that TheHive version 5.1 has to offer.

The first article focuses on the new features that have been added:

The second article covers the improvements that have been made to existing features:

We encourage you to check out both articles to learn more.


To start from scratch, you can either follow the step-by-step installation guide or use the installation script as described here.

If you are deploying using Docker, you can find the instructions here.

To update an existing instance, remember to perform a full database backup first, then follow the upgrade for your current TheHive version:


Should you face any issues, several reporting options are available:

As always, we welcome your feedback and suggestions, so please reach out and let us know what you think.

Whether you're a seasoned incident responder or just starting out, we believe that this release will have something for everyone, and we hope you are as excited about it as we are.