Swiftask assists your SOC analysts in the final stages of incident management. Synthesize data and close TheHive cases without manual effort.
Result:
Reduce security ticket processing time while ensuring comprehensive and compliant documentation.
AI Agents
thehive
Connector thehive · Secure OAuth 2.0
Closing a case in TheHive is a critical but time-consuming step. Between summarizing evidence, writing incident reports, and updating metrics, analysts lose time that should be spent on threat hunting.
Main negative impacts:
Incomplete documentation
Under high volume, closing reports are often rushed, making post-incident analysis difficult.
Operational overhead
Repetitive manual tasks increase SOC team fatigue and the risk of human error.
MTTD/MTTR degradation
Backlogs of cases awaiting closure skew your security performance metrics.
Swiftask automates data collection, generates a coherent incident summary, and prepares the closure in TheHive, allowing analysts to approve with a single click.
BEFORE / AFTER
Manual management in TheHive
The analyst manually reviews all observables, writes a text summary, checks tags, and closes the case after tedious data entry.
AI-assisted closure with Swiftask
The AI agent analyzes case history, generates the final report, suggests closure tags, and updates the status in TheHive automatically.
1
STEP 1 : Define templates
Configure the expected format for your TheHive closure reports within Swiftask.
2
STEP 2 : Connect TheHive API
Connect Swiftask to your TheHive instance via a secure API key for read/write access.
3
STEP 3 : Set up triggers
Activate the agent when a case status changes to 'Resolved' or manually via a button.
4
STEP 4 : Human validation
The agent proposes the final report; the analyst validates, and the case is closed cleanly.
The agent processes observables, associated logs, and analysis notes to build a factual incident summary.
Each action is contextualized and executed automatically at the right time.
Each Swiftask agent uses a dedicated identity (e.g. agent-thehive@swiftask.ai ). You keep full visibility on every action and every sent message.
Key takeaway: The agent automates repetitive decisions and leaves high-value actions to your teams.
Every incident is documented according to your internal standards, without individual variation.
Cut the time spent on administrative paperwork by 5x.
Well-closed cases facilitate future research and statistical analysis.
Free your experts from repetitive tasks to focus on complex investigations.
Perfect traceability for security audits and regulatory requirements.
Swiftask applies enterprise-grade security standards for your thehive automations.
To learn more about compliance, visit the Swiftask governance page for detailed security architecture information.
RESULTS
| Metric | Before | After |
|---|---|---|
| Closure time per case | 15-20 minutes | 2 minutes |
| Report completion rate | Variable | 100% compliant |
| Analyst fatigue | High | Reduced |
| Input errors | Frequent | Zero |
Reduce security ticket processing time while ensuring comprehensive and compliant documentation.