IntelMQ vs TheHive

GitHub Stats

            IntelMQ     TheHive
Stars       1.1k        3.9k
Forks       314         689
Issues      235         834
Updated     3d ago      9mo ago
License     AGPL-3.0    AGPL-3.0
Language    Python      Scala/JavaScript

About IntelMQ

IntelMQ is a solution for IT security teams (CERTs, CSIRTs, abuse departments) to collect and process security feeds, pastebins, and tweets using a message queue protocol. It provides a modular bot framework where collector bots fetch data from sources, parser bots normalize it into a standard format (IDEA), expert bots enrich and filter, and output bots distribute to databases, ticketing systems, or downstream tools. IntelMQ handles hundreds of feed formats (abuse.ch, Shadowserver, MISP, PhishTank, etc.) and deduplicates across sources. The web management interface (IntelMQ Manager) allows visual pipeline configuration and monitoring.

About TheHive

TheHive is a scalable, open-source Security Incident Response Platform (SIRP) designed to make life easier for SOCs, CSIRTs, and CERTs dealing with security incidents that need to be investigated and acted upon. It provides collaborative case management where multiple analysts can work on the same case simultaneously, with full audit trails and task assignment. TheHive integrates tightly with Cortex for automated observable analysis (IP lookups, hash checks, domain reputation) and with MISP for threat intelligence sharing. Cases can be created from email alerts, SIEM events, or manually, and each case supports tasks, observables, and evidence attachments. Its template system and custom fields make it adaptable to any organization's incident response workflow.

Platform Support

IntelMQ: 🐧 linux
TheHive: 🐧 linux

Tags

Shared

incident-response

IntelMQ only

threat-intelligence, feed-processing, automation, cert

TheHive only

case-management, soc, csirt, collaboration, misp