MISP vs TheHive
GitHub Stats
About MISP
MISP (Malware Information Sharing Platform) is an open-source threat intelligence platform for gathering, sharing, storing, and correlating Indicators of Compromise (IOCs) of targeted attacks, threat intelligence, financial fraud information, vulnerability information, and counter-terrorism data. It provides a robust data model for structuring threat data, automatic correlation of attributes and indicators, flexible sharing groups for controlled distribution, and import/export in STIX, OpenIOC, and many other formats. MISP includes a built-in feed system for consuming external threat intelligence, a REST API for automation, and taxonomies and galaxies for consistent classification. It's used by CERTs, SOCs, threat intelligence teams, and law enforcement worldwide as their primary threat intelligence management platform.
About TheHive
TheHive is a scalable, open-source Security Incident Response Platform (SIRP) designed to make life easier for SOCs, CSIRTs, and CERTs dealing with security incidents that need to be investigated and acted upon. It provides collaborative case management where multiple analysts can work on the same case simultaneously, with full audit trails and task assignment. TheHive integrates tightly with Cortex for automated observable analysis (IP lookups, hash checks, domain reputation) and with MISP for threat intelligence sharing. Cases can be created from email alerts, SIEM events, or manually, and each case supports tasks, observables, and evidence attachments. Its template system and custom fields make it adaptable to any organization's incident response workflow.
Platform Support
Tags
Shared
MISP only
TheHive only