TheHive turns 5 and adopts a model shaped for the future

Nabil Adouani
StrangeBee — Announcements
3 min readSep 16, 2021

For its upcoming fifth major release, the leading Security Incident Response Platform will be available under a new distribution model to ensure a sustainable future for the product. This blog post explains why and how.


TheHive was released in 2016, under an AGPL v3 license and has rapidly become a global reference for incident response.

TheHive usage statistics

TheHive is used today by private companies as well as public institutions, across all continents, covering all sectors: Finance, Telecom, Energy, Space & Defense, Retail, Media, etc.

The platform established itself as a necessary solution to address the rising tide of cyber threats for teams, large and small, as well as dozens of service providers (MSSPs) and even software vendors, who include it in their packaged cybersecurity offerings.

As you can probably imagine, having a free, Open Source project, with such a significant user base requires a tremendous amount of time and resources especially considering the need to consistently deliver high quality human responses to user errors and quality code to fix and prevent bugs. This led us to invest heavily in strengthening the governance and intensify the development of the product to the benefit of the community starting all the way back in late 2018 when we co-founded the company, StrangeBee.

Since then, TheHive was developed exclusively by us and those who work with us at StrangeBee, sustaining the platform mainly through support contracts.

In order to meet both the growing needs of our large user base and our desire to do even more for them, we decided to implement a broader, fairer and more scalable model that will give the bandwidth to both deliver excellent products and quality support at all levels.

Therefore, we are pleased to announce the arrival of TheHive 5, and its new distribution model, which will come into play Q4 of 2021.


TheHive 5 will be available as freemium software, with different license plans tailor made for every user regardless of the deployment type. The breakdown is as follows:

  • Community license: free for personal, educational and basic commercial use.
  • Gold license: for most use cases that don’t have strict compliance requirements.
  • Platinum license: for teams with high security, scalability, and availability requirements as well as enterprise level sign-in options like SSO/OpenID.
  • MSSP license: for partners, cloud and service providers who want to offer TheHive to their respective customers.

All these licenses will be available for on-premises use and as cloud offerings (IaaS and SaaS). Of course, TheHive Cloud Platform (THCP) will include all TheHive 5 plans.

The Community edition will allow any team to leverage most incident response capabilities of TheHive, including many new enhancements, for FREE.

The other license plans will enable additional enterprise-oriented security, scalability, and integration options as mentioned above.

Below is an overview of the upcoming plans and a comparison with TheHive 4, the current version:

TheHive 5 license plans


TheHive 5 will bring significant improvements. In addition to a brand-new UI designed from the ground up, case and alert management enhancements, MISP and MITRE ATT&CK support improvements, TheHive 5 will include many other long-awaited features such as adding comment to cases and alerts or running analysers on alert observables to improve the alert triage process. Stay tuned for additional and exciting announcements.

In the meantime, we tried to answer as many questions as we could think of at this stage on the companion FAQ. However, should you have more questions, please contact us at



Nabil Adouani
StrangeBee — Announcements

Cofounder/CEO of, Building @TheHive_Project. Digital Entrepreneur interested in Software Engineering and Cyber Security.