Cortex
Observable analysis engine powering TheHive: run analyzers and responders against IOCs via a unified API.
Why it is included
Completes the open StrangeBee IR story with pluggable analysis jobs.
Best for
SOCs automating enrichment (VT, passive DNS, sandboxes) from TheHive.
Strengths
- Analyzer catalog
- Responder actions
- API-first
Limitations
- Operational cost of analyzer keys and sandboxes
Good alternatives
Shuffle workflows · commercial SOAR
Related tools
Security & Privacy
TheHive
Security incident response platform: cases, tasks, observables, MISP sync, and timeline collaboration.
Shuffle
Open-source security automation (SOAR) with visual workflows, webhooks, and app integrations for SOC glue code.
MISP
Threat intelligence sharing platform: IOCs, galaxies, taxonomies, sync between communities, and API automation.
OpenCTI
Open cyber threat intelligence platform with knowledge graph, connectors (MISP, STIX/TAXII), and investigation UI.
IntelOwl
Analyze files, IPs, domains, and URLs in one request by fanning out to many free/TI analyzers (YARA, PE, DNS, etc.).
Wazuh
Open security platform combining SIEM, XDR, file integrity monitoring, and compliance checks across endpoints and cloud.
