TheHive Project

Details
Content
Dependencies
Version History

Provides an integration, incident type and layout for use with TheHive Project.

TheHive Project is an open source and free Security Incident Response Platform designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner dealing with security incidents that need to be investigated and acted upon swiftly.

What does this pack do?

It supports different methods to store data, files, and indexes according to the user needs.

Pack Contributors:

Adam Burt

Contributions are welcome and appreciated. For more info, visit our Contribution Guide.

What does this pack do?

It supports different methods to store data, files, and indexes according to the user needs.

Pack Contributors:

Adam Burt

Contributions are welcome and appreciated. For more info, visit our Contribution Guide.

Classifiers

Name	Description
TheHive - Classifier	Default classifier for TheHive Project cases
TheHive - Outgoing Mapper	Default outbound mapping for TheHive Project cases.
TheHive - Incoming Mapper	Default incoming mapper for TheHive Project cases

Incident Fields

Name	Description
TheHive Tasks
TheHive Case PAP
TheHive Observables
TheHive Case Resolution Status
TheHive Case Status
TheHive Case Summary
TheHive Case TLP
TheHive Flag

Incident Types

Name	Description
TheHive

Integrations

Name	Description
TheHive Project	Integration with The Hive Project Security Incident Response Platform.

Layouts

Name	Description
TheHive layout (custom)

Classifiers

Name	Description
TheHive - Classifier	Default classifier for TheHive Project cases
TheHive - Outgoing Mapper	Default outbound mapping for TheHive Project cases.
TheHive - Incoming Mapper	Default incoming mapper for TheHive Project cases

Incident Fields

Name	Description
TheHive Case Summary
TheHive Case PAP
TheHive Tasks
TheHive Case Status
TheHive Case TLP
TheHive Flag
TheHive Observables
TheHive Case Resolution Status

Incident Types

Name	Description
TheHive

Integrations

Name	Description
TheHive Project	Integration with The Hive Project Security Incident Response Platform.

Required Content Packs (2)

Pack Name	Pack By
Base	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR

Optional Content Packs (0)

Pack Name	Pack By

All level dependencies (3)

Pack Name	Pack By
Filters And Transformers	By: Cortex XSOAR
Aggregated Scripts	By: Cortex XSOAR
Base	By: Cortex XSOAR

1.1.30 - 7843807 (March 22, 2026)

Documentation and metadata improvements.

Related pull requests:
- 43568

Download

1.1.29 - R7448282 (March 5, 2026)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 41629

Download

1.1.28 - R5469292 (October 20, 2025)

Integrations

Fixed an issue where "Some of the required fields are missing or invalid" error was received when trying to configure an instance on Xsiam.
Updated the Docker image to: demisto/python3:3.12.11.3982393.

Related pull requests:
- 40415

Download

1.1.27 - 3769759 (June 12, 2025)

Integrations

TheHive Project

Documentation and metadata improvements.

Related pull requests:
- 40195

Download

1.1.26 - R3444919 (May 18, 2025)

Integrations

TheHive Project

Metadata and documentation improvements.

Related pull requests:
- 39228

Download

1.1.25 - 2763721 (March 12, 2025)

TheHive Project

Ensure that mirroring fields only appear in XSOAR integrations.

Related pull requests:
- 38998

Download

1.1.24 - 1935630 (January 6, 2025)

Integrations

TheHive Project

Code functionality improvements.
Updated the Docker image to: demisto/python3:3.11.10.116949.

Related pull requests:
- 37472

Download

1.1.23 - 1718057 (November 28, 2024)

Integrations

TheHive Project

Updated the Docker image to: demisto/python3:3.11.10.115186.

Related pull requests:
- 37407
- 37402
- 37403
- 37405
- 37406
- 37404

Download

1.1.22 - R1709192 (November 26, 2024)

Integrations

TheHive Project

Fixed an issue where mirror out would fail when changing custom fields.
Updated the Docker image to: demisto/python3:3.11.9.107902.

Related pull requests:
- 35893

Download

1.1.21 - 1252429 (August 7, 2024)

Integrations

TheHive Project

Fixed an issue where mirror out would fail when changing the severity, pap and tlp fields.
Updated the Docker image to: demisto/python3:3.11.9.106968.

Related pull requests:
- 35781

Download

1.1.20 - R6950398 (November 21, 2023)

Integrations

TheHive Project

Fixed an issue with fetch-incidents command that cases fetch were stopped.
Added support for Look back in fetch-incidents command.
Updated the Docker image to: demisto/python3:3.10.13.80014.

Related pull requests:
- 30471

Download

1.1.19 - R6834680 (November 8, 2023)

Integrations

TheHive Project

Updated the Docker image to: demisto/python3:3.10.13.78960.

Related pull requests:
- 30634

Download

1.1.18 - 6226805 (September 3, 2023)

Integrations

TheHive Project

Updated the Docker image to: demisto/python3:3.10.13.72123.
Fixed an issue in thehive-update-case command where the severity argument was sent incorrectly.

Related pull requests:
- 29379

Download

1.1.17 - R5866730 (July 25, 2023)

Integrations

TheHive Project

Added the API Key integration parameters to support credentials fetching object.
Updated the Docker image to: demisto/python3:3.10.12.63474.

Related pull requests:
- 27463

Download

1.1.16 - R5170573 (May 2, 2023)

Integrations

TheHive Project

Updated the Docker image to: demisto/python3:3.10.10.48392.
Removed mirroring parameters from cortex XSIAM.

Related pull requests:
- 24220

Download

1.1.15 - R4646022 (February 19, 2023)

Layouts

New: TheHive layout (custom)
This item is no longer supported in XSIAM.

Related pull requests:
- 24221

Download

1.1.14 - R4085738 (November 22, 2022)

Integrations

TheHive Project

Added the fetch_closed parameter to be able to fetch closed cases.
Updated the Docker image to: demisto/python3:3.10.6.33415.

Related pull requests:
- 20331

Download

1.1.13 - 3343460 (July 27, 2022)

Integrations

TheHive Project

Updated the Docker image to: demisto/python3:3.10.5.31928.

Related pull requests:
- 20247

Download

1.1.12 - 3243583 (July 11, 2022)

Integrations

TheHive Project

Removed excessive error traceback printing.
Updated the Docker image to: demisto/python3:3.10.5.31797.

Related pull requests:
- 19659

Download

1.1.11 - 2962208 (May 22, 2022)

Integrations

TheHive Project

Updated the Docker image to: demisto/python3:3.10.4.29342.

Download

1.1.10 - 2830268 (April 27, 2022)

Integrations

TheHive Project

Fixed an issue in thehive-create-case and thehive-update-case commands where the tags argument was not parsed correctly.

Download

1.1.9 - 2674843 (March 30, 2022)

Integrations

TheHive Project

Added type validations and other internal code improvements.

Download

1.1.8 - 2589896 (March 16, 2022)

Integrations

TheHive Project

Updated the Docker image to: demisto/python3:3.10.1.26972.

Download

1.1.7 - 2347248 (February 2, 2022)

Integrations

TheHive Project

Updated the Docker image to: demisto/python3:3.10.1.25933.

Download

1.1.6 - 2183875 (December 30, 2021)

Incident Fields

TheHive Case Resolution Status
- Maintenance and stability enhancements.

Download

1.1.5 - R2146019 (December 21, 2021)

Integrations

TheHive Project

Updated the Docker image to: demisto/python3:3.9.8.24399.

Download

1.1.4 - R2009340 (November 25, 2021)

Incident Fields

TheHive Case PAP
- Maintenance and stability enhancements.
TheHive Observables
- Maintenance and stability enhancements.

Download

1.1.3 - 1793249 (October 14, 2021)

Integrations

TheHive Project

Documentation and metadata improvements.

Download

1.1.2 - 7740378 (September 23, 2021)

Integrations

TheHive Project

Updated the Docker image to: demisto/python3:3.9.7.24076.
Moved the Pack to Cortex XSOAR support instead of community support.

Download

1.1.1 - 349609 (May 8, 2021)

Integrations

TheHive Project

Maintenance and stability enhancements.
Updated the Docker image to: demisto/python3:3.9.4.19537.

Download

1.1.0 - 323432 (April 8, 2021)

Integrations

TheHive Project

Added support for the get-modified-remote-data command.
Updated the Docker image to: demisto/python3:3.9.2.18414.

Incident Fields

TheHive Observables

The field is editable.

TheHive Tasks

The field is editable.

Download

1.0.0 - 322974 (March 30, 2021)

Provides an integration, incident type and layout for use with TheHive Project.

Download

1.1.30 - 7850318 (March 23, 2026)

Documentation and metadata improvements.

Related pull requests:
- 43568

Download

1.1.29 - R7448282 (March 5, 2026)

Changes are not relevant for XSIAM marketplace.

Related pull requests:
- 41629

Download

1.1.28 - R5469292 (October 20, 2025)

Integrations

TheHive Project

Fixed an issue where "Some of the required fields are missing or invalid" error was received when trying to configure an instance on Xsiam.
Updated the Docker image to: demisto/python3:3.12.11.3982393.

Related pull requests:
- 40415

Download

1.1.27 - 3769759 (June 12, 2025)

Integrations

TheHive Project

Documentation and metadata improvements.

Related pull requests:
- 40195

Download

1.1.26 - R3444919 (May 18, 2025)

Integrations

TheHive Project

Metadata and documentation improvements.

Related pull requests:
- 39228

Download

1.1.25 - 2763721 (March 12, 2025)

TheHive Project

Ensure that mirroring fields only appear in XSOAR integrations.

Related pull requests:
- 38998

Download

1.1.24 - 1935630 (January 6, 2025)

Integrations

TheHive Project

Code functionality improvements.
Updated the Docker image to: demisto/python3:3.11.10.116949.

Related pull requests:
- 37472

Download

1.1.23 - 1718057 (November 28, 2024)

Integrations

TheHive Project

Updated the Docker image to: demisto/python3:3.11.10.115186.

Related pull requests:
- 37407
- 37402
- 37403
- 37405
- 37406
- 37404

Download

1.1.22 - R1709192 (November 26, 2024)

Integrations

TheHive Project

Fixed an issue where mirror out would fail when changing custom fields.
Updated the Docker image to: demisto/python3:3.11.9.107902.

Related pull requests:
- 35893

Download

1.1.21 - 1252429 (August 7, 2024)

Integrations

TheHive Project

Fixed an issue where mirror out would fail when changing the severity, pap and tlp fields.
Updated the Docker image to: demisto/python3:3.11.9.106968.

Related pull requests:
- 35781

Download

1.1.20 - R6950398 (November 21, 2023)

Integrations

TheHive Project

Fixed an issue with fetch-incidents command that cases fetch were stopped.
Added support for Look back in fetch-incidents command.
Updated the Docker image to: demisto/python3:3.10.13.80014.

Related pull requests:
- 30471

Download

1.1.19 - R6834680 (November 8, 2023)

Integrations

TheHive Project

Updated the Docker image to: demisto/python3:3.10.13.78960.

Related pull requests:
- 30634

Download

1.1.18 - 6226805 (September 3, 2023)

Integrations

TheHive Project

Updated the Docker image to: demisto/python3:3.10.13.72123.
Fixed an issue in thehive-update-case command where the severity argument was sent incorrectly.

Related pull requests:
- 29379

Download

1.1.17 - R5866730 (July 25, 2023)

Integrations

TheHive Project

Added the API Key integration parameters to support credentials fetching object.
Updated the Docker image to: demisto/python3:3.10.12.63474.

Related pull requests:
- 27463

Download

1.1.16 - R5170573 (May 2, 2023)

Integrations

TheHive Project

Updated the Docker image to: demisto/python3:3.10.10.48392.
Removed mirroring parameters from cortex XSIAM.

Related pull requests:
- 24220

Download

1.1.15 - R4646022 (February 19, 2023)

Changes are not relevant for XSIAM marketplace.

Related pull requests:
- 24221

Download

1.1.14 - R4085738 (November 22, 2022)

Integrations

TheHive Project

Added the fetch_closed parameter to be able to fetch closed cases.
Updated the Docker image to: demisto/python3:3.10.6.33415.

Related pull requests:
- 20331

Download

1.1.13 - 3342305 (July 27, 2022)

Integrations

TheHive Project

Updated the Docker image to: demisto/python3:3.10.5.31928.

Related pull requests:
- 20247

Download

1.1.12 - 3243583 (July 11, 2022)

Integrations

TheHive Project

Removed excessive error traceback printing.
Updated the Docker image to: demisto/python3:3.10.5.31797.

Related pull requests:
- 19659

Download

1.1.11 - 2962208 (May 22, 2022)

Integrations

TheHive Project

Updated the Docker image to: demisto/python3:3.10.4.29342.

Download

1.1.10 - 2830268 (April 27, 2022)

Integrations

TheHive Project

Fixed an issue in thehive-create-case and thehive-update-case commands where the tags argument was not parsed correctly.

Download

1.1.9 - 2674843 (March 30, 2022)

Integrations

TheHive Project

Added type validations and other internal code improvements.

Download

1.1.8 - 2589896 (March 16, 2022)

Integrations

TheHive Project

Updated the Docker image to: demisto/python3:3.10.1.26972.

Download

1.1.7 - 2348598 (February 2, 2022)

Integrations

TheHive Project

Updated the Docker image to: demisto/python3:3.10.1.25933.

Download

1.1.6 - 2183875 (December 30, 2021)

Incident Fields

TheHive Case Resolution Status
- Maintenance and stability enhancements.

Download

1.1.5 - R2146019 (December 21, 2021)

Integrations

TheHive Project

Updated the Docker image to: demisto/python3:3.9.8.24399.

Download

1.1.4 - R2009340 (November 25, 2021)

Incident Fields

TheHive Case PAP
- Maintenance and stability enhancements.
TheHive Observables
- Maintenance and stability enhancements.

Download

1.1.3 - 1793249 (October 14, 2021)

Integrations

TheHive Project

Documentation and metadata improvements.

Download

1.1.2 - 7740378 (September 23, 2021)

Integrations

TheHive Project

Updated the Docker image to: demisto/python3:3.9.7.24076.
Moved the Pack to Cortex XSOAR support instead of community support.

Download

1.1.1 - 349609 (May 8, 2021)

Integrations

TheHive Project

Maintenance and stability enhancements.
Updated the Docker image to: demisto/python3:3.9.4.19537.

Download

1.1.0 - 323432 (April 8, 2021)

Integrations

TheHive Project

Added support for the get-modified-remote-data command.
Updated the Docker image to: demisto/python3:3.9.2.18414.

Incident Fields

TheHive Observables

The field is editable.

TheHive Tasks

The field is editable.

Download

1.0.0 - 322974 (March 30, 2021)

Provides an integration, incident type and layout for use with TheHive Project.

Download

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Cortex
Created	March 30, 2021
Last Release	March 22, 2026

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

By downloading or using Marketplace content, you agree to the applicable Terms of Use and End User License Agreement. Third-party content is provided by its publisher, and Palo Alto Networks does not warrant, endorse, support, or assume responsibility for content not expressly identified as owned by Palo Alto Networks.