redwaysecurity/the-hive-mcp-server
TheHive MCP Server is a Model Context Protocol server implementation for TheHive, facilitating integration with MCP clients for security incident response.
Tools
Functions exposed to the LLM to take actions
add_case_attachment
Add an attachment to a case.
assign_task
Assign a task to a user.
bulk_delete_alerts
Delete multiple alerts at once.
bulk_delete_observables
Delete multiple observables at once.
bulk_merge_alerts_into_case
Merge multiple alerts into a case.
bulk_update_alerts
Update multiple alerts at once.
bulk_update_cases
Update multiple cases at once.
bulk_update_observables
Update multiple observables at once.
bulk_update_tasks
Update multiple tasks at once.
close_case
Close a case.
complete_task
Mark a task as complete.
count_alerts
Count the number of alerts.
count_cases
Count the number of cases.
count_observables
Count the number of observables.
count_tasks
Count the number of tasks.
create_alert
Create a new alert.
create_alert_observable
Create an observable in an alert.
create_case
Create a new case.
create_case_observable
Create an observable in a case.
create_case_page
Create a page in a case.
create_case_procedure
Create a procedure in a case.
create_case_task
Create a task in a case.
create_cortex_analyzer_job
Create a Cortex analyzer job.
create_cortex_responder_action
Create a Cortex responder action.
create_observable_in_alert
Create an observable in an alert.
create_observable_in_case
Create an observable in a case.
create_task
Create a new task.
create_task_log
Create a log entry for a task.
delete_alert
Delete an alert.
delete_case
Delete a case.
delete_case_attachment
Delete an attachment from a case.
delete_observable
Delete an observable.
delete_task
Delete a task.
download_case_attachment
Download an attachment from a case.
find_alert_observables
Find observables in an alert.
find_case_attachments
Find attachments in a case.
find_case_comments
Find comments in a case.
find_case_observables
Find observables in a case.
find_case_pages
Find pages in a case.
find_case_procedures
Find procedures in a case.
find_case_tasks
Find tasks in a case.
find_task_logs
Find logs for a task.
follow_alert
Follow an alert.
get_alert
Retrieve an alert.
get_alert_similar_observables
Get similar observables for an alert.
get_alerts
Retrieve multiple alerts.
get_case
Retrieve a case.
get_case_similar_observables
Get similar observables for a case.
get_cases
Retrieve multiple cases.
get_cortex_analyzer
Retrieve a Cortex analyzer.
get_cortex_analyzer_job
Retrieve a Cortex analyzer job.
get_observable
Retrieve an observable.
get_observable_analyzer_jobs
Retrieve analyzer jobs for an observable.
get_observables
Retrieve multiple observables.
get_task
Retrieve a task.
get_tasks
Retrieve multiple tasks.
import_alert_into_case
Import an alert into a case.
list_cortex_analyzers
List available Cortex analyzers.
list_cortex_analyzers_by_type
List Cortex analyzers by type.
list_cortex_responders
List available Cortex responders.
merge_alert_into_case
Merge an alert into a case.
merge_cases
Merge multiple cases.
promote_alert_to_case
Promote an alert to a case.
run_observable_analyzer
Run an analyzer on an observable.
run_observable_analyzers
Run multiple analyzers on an observable.
share_observable
Share an observable.
start_task
Start a task.
unfollow_alert
Unfollow an alert.
unshare_observable
Unshare an observable.
update_alert
Update an alert.
update_case
Update a case.
update_observable
Update an observable.
update_task
Update a task.
Prompts
Interactive templates invoked by user choice
No prompts
Resources
Contextual data attached and managed by the client