TheHive Cortex Analyzer

Incident Response & Ticketing

A picture of U2hhcmVhYmxlUmVzb3VyY2VJbWFnZTplM2Y3OTQxMy0xYmZlLTQ4ZDUtOTlmMi01MGYxYzE0MmYxZjg=

Overview

This integration enables TheHive to query OpenCTI for observable matches through Cortex analyzers, allowing investigators to enrich observables with threat intelligence directly from case artifacts.

The TheHive Cortex OpenCTI integration provides TheHive users with the ability to search and enrich observables using OpenCTI's threat intelligence database through Cortex analyzers. This integration streamlines threat investigation workflows by enabling direct lookups of observables from within TheHive cases.

Key capabilities include:

Exact Observable Matching: Use the OpenCTI_SearchExactObservable analyzer to retrieve precise matches for observables in the OpenCTI platform
Broad Observable Search: Leverage the OpenCTI_SearchObservables analyzer to find all observables containing the input data, enabling broader threat context discovery

Basic information

Organization

Filigran

Author

Nino Rowlands

Type

Third party integrations

Subtype

Case Management, Other

Last updated atJanuary 26, 2026

Vendor URLhttps://github.com/TheHive-Project/Cortex-Analyzers/tree/master/analyzers/OpenCTI

Github URLhttps://github.com/TheHive-Project/Cortex-Analyzers/tree/master/analyzers/OpenCTI

OpenCTI compatibility version5.6.1

Shares0