TheHive 5.3 Is Out and Buzzing for Even More Efficiency

TheHive 5.3 introduces Email Intake, refined case tracking, and a detailed Timeline widget. It supports OpenSearch and Elasticsearch 8, boosting SOC efficiency.

TheHive 5.3 Is Out and Buzzing for Even More Efficiency

Springtime has got to be the best time of the year for busy bees. This is why we are excited to announce the launch of TheHive 5.3—our latest product iteration.

We've introduced a suite of enhancements, from ingesting emails to clearer labeling designs. These new features streamline incident response and improve data analysis and overall user experience.

Here's a closer look at TheHive 5.3 honey-like, sweet features.

Email Intake

Our team of bees is proud of our latest major improvement, which we’ve dubbed “Email Intake.”

We have successfully automated the transformation of emails into actionable alerts and observables.

TheHive now integrates with email platforms such as Microsoft 365, Google Workspace, or any mail service provider using IMAP, all to significantly reduce manual sorting and boost efficiency for SOC analysts.

SOC teams can now integrate an email platform through TheHive and handle alerts they receive daily in mail, directly on our platform.

More details about this feature are coming in a later dedicated article.

Configure Email Intake


Dissect Emails directly through TheHive

Improved similar cases/alerts display

We've also considerably upgraded similar cases and alerts visualization.

Users can now access more detailed information on similar cases and alerts, including their status, all presented in a standardized format for easier readability.

Our new drawer component categorizes observables by type, allowing for detailed inspections and efficient searches within a user-friendly interface.

This improvement is tailored for security analysts and SOC teams. It facilitates deeper analysis and helps to quickly identify correlations and potential threats, which streamlines investigations and improves the accuracy of responses.

Our latest update enhances user experience by making information more accessible and analysis more intuitive, significantly boosting operational efficiency.

The info displayed includes more details for a faster analysis


Check for matching observables

Timeline in case reports

Exclusive to TheHive's Platinum, our team has worked hard to introduce a new widget to our in-case reports feature. It allows analysts to visualize the timeline within case reports.

It details the sequence of attack and defense actions, including observables flagged as IOCs, Tactics, Techniques, and Procedures (TTPs)—and various custom events. 

Organizational admins have access to case report templates, and only they can dynamically edit these reports by choosing what elements to include. This can range from Alerts and Case events to Tasks and Logs. Analysts may choose which template to use.

This flexibility ensures that each timeline can be tailored to the specific needs of the report and its audience.

The timeline widget not only aids in the intuitive presentation of complex cybersecurity incidents but also enhances communication with non-SOC personnel such as executive management, HR, or legal departments.

Presenting the chronology of events clearly minimizes manual effort and eliminates ambiguities, making it easier for all stakeholders to understand the details of security incidents.

Track each case in details

Customizable fields in list export and updated observable export

We've enhanced our data export features in TheHive to make them more flexible and user-friendly across the application.

Users may now select which columns to export from the application lists, responding to customer feedback about the overwhelming volume of data in export downloads.

This customization makes exports more manageable and precisely tailored to user needs.

The platform provides predefined columns for each entity to expedite the process while still allowing the inclusion or exclusion of fields as necessary. Users can also choose to export all data if needed.

They also reduce the time and effort required for post-export data processing. Users can focus on the most relevant information and optimize their data handling and analysis.

Additionally, the Observable Export feature, previously limited to MISP, TXT, and CSV formats, now includes JSON and customizable delimiter options for CSV files. Users can now select specific fields for export in CSV format, aligning with the customization options for other entities within our application.

This ensures a uniform interface for all export functions and maintains essential data security features for exports in MISP format. 

Choose among all the export options

New theme and font colors  

Our team has also operated a visual upgrade to TheHive with the introduction of new CSS colors, font styles and sizes.

This update marks the first step in our broader initiative to implement a comprehensive Design System, which aims to improve the overall user experience.

These aesthetic updates' primary objective is to improve readability and comprehension of information across the application. Spoiler alert: they are also requirements for a much-awaited dark mode.

Refreshing visuals is part of our commitment to continuously improve the application's functionality and design, paving the way for further enhancements that will benefit our clients.

How it looked before 👇

Labels used to be

How it looks now ✌️

Now, colors have been strengthened and tags enlarged

Revamped navigation bar & top bar

We’ve also updated our navigation bar, which now merges with the top bar.

This redesign optimizes functionality by adding an intuitive organization switcher. If you’re a Slack user, you may also recall that they underwent the same redesign a while back.

Just hit the logo on the top left and you’ll be able to see all other organizations you work with/for—and switch at will.

Up left, hit the logo of the organization to switch

Support of OpenSearch and Elasticsearch 8

TheHive 5.3 adds support for OpenSearch as the indexing base and now fully supports Elasticsearch 8.

OpenSearch: We have added support OpenSearch for those who prefer a community-driven search and analytics suite to Elasticsearch. This one strikes a chord for us because we don’t forget where we’re coming from. TheHive would never be what it is today without the wonderful open-source community that supported its beginning.

Elasticsearch 8: Our bees ran the necessary integration tests to declare that we fully support Elasticsearch 8, bringing you the latest improvements in search performance and data management.

Our team has improved dashboards’ capabilities for both Elasticsearch and OpenSearch, making them more efficient at managing and displaying data.

The upgrade enhances graphs that use custom fields and adds new features for handling data such as isEmpty, nonEmpty and between operators.

Users can now adjust the number of segments in dashboard donuts for better visualization, and the system now handles more data in donuts and charts, significantly exceeding the old limit of 100 values.

New filter: last/next X time unit

We've added a new filter to improve how you search and analyze data. The new filter lets users set a date range based on the current time, choosing from hours, days, months, or years.

This filter works on dashboards and list views, allowing for dynamic displays that adjust over time. It offers more customization than our previous options—like the "Last week" filter—by letting users specify the exact time period they need.

This tool helps users concentrate on data from specific periods, making it easier to manage information and make decisions efficiently.

Choose a time period

TheHive platinum edition: 14-day trial

For the first time, we're offering a 14-day trial of TheHive Platinum Edition. This trial gives you access to all the features of TheHive, allowing you to experience our premium solution firsthand.

After the trial, users can subscribe to a Gold or Platinum TheHive license or request a one-year renewable community license, which is free but limited in users and features.

Create an account first

Then make sure to follow the link highlighted in orange on the screenshot

Note: Starting with the 5.3 version, users of the community version will also need to register to the License Portal to generate a community license for using TheHive's community version.

Here, we wish to ensure that all users benefit from our continuous improvements regardless of their subscription level.

Register here for a free trial 

Public API update

Lastly, we want to inform our users that the v0 public API is now deprecated. We encourage everyone to transition to the v1 public API for application connections to TheHive.

The v0 API will be deactivated in a future release, so please update your integrations accordingly.

Put TheHive to the test now!

Request a demo

Try TheHive (on-prem)

Try TheHive Cloud Platform (SaaS) 

Get in touch with us 

As always, we welcome your feedback and suggestions, so please let us know what you think here.