• Pricing
Book a demo

Automate case assignment in TheHive with AI

Swiftask analyzes your security incidents and routes them instantly to the most qualified analyst in TheHive, without manual effort.

Result:

Save valuable time on triage and ensure immediate attention for every detected threat.

Manual triage is slowing down your SOC

In cybersecurity, every second counts. Manual case assignment in TheHive creates bottlenecks, overloads analysts, and leaves critical alerts sitting in the queue.

Main negative impacts:

  • Increased response times: Time spent manually sorting and assigning cases delays the investigation and remediation of real threats.
  • Uneven workload distribution: Without automation, available analysts are often overwhelmed, while others remain underutilized on low-priority tasks.
  • Risk of human error: Misclassification or incorrect assignment can lead to missed visibility on high-severity incidents.

Swiftask integrates natively with TheHive to automate assignment. Our AI evaluates severity, threat type, and analyst skills to route every case automatically.

BEFORE / AFTER

What changes with Swiftask

Traditional manual triage

A new incident arrives in TheHive. A SOC manager must read it, assess priority, check analyst availability, and assign it manually. This can take minutes or hours during peak times.

Swiftask smart assignment

As soon as a case opens in TheHive, Swiftask's AI agent extracts metadata, analyzes incident context, and assigns it instantly to the most qualified, available analyst. The process takes less than a second.

Deploy smart assignment in 4 steps

STEP 1 : Connect TheHive to Swiftask

Set up secure API access between TheHive and your Swiftask platform to enable case read and write capabilities.

STEP 2 : Define your assignment rules

Use the no-code interface to set rules based on tags, severity levels, or detected threat types.

STEP 3 : Configure analyst profiles

Register analyst skills and specialties in Swiftask to enable ultra-precise routing.

STEP 4 : Activate the automated flow

The AI agent immediately starts monitoring new cases and assigning them according to your established directives.

Advanced assignment capabilities

The AI analyzes alert content, severity, origin, and historical incident patterns in real-time to make the optimal decision.

  • Target connector: The agent performs the right actions in thehive based on event context.
  • Automated actions: Automatic analyst assignment, status updates, priority tagging, Teams/Slack notifications, and automated escalation if no response is received.
  • Native governance: All assignment actions are logged in TheHive, ensuring complete transparency regarding AI-driven decisions.

Each action is contextualized and executed automatically at the right time.

Each Swiftask agent uses a dedicated identity (e.g. agent-thehive@swiftask.ai ). You keep full visibility on every action and every sent message.

Key takeaway: The agent automates repetitive decisions and leaves high-value actions to your teams.

Operational benefits for your SOC

1. Drastic MTTR reduction

Latencies before incident response are reduced to near zero.

2. Automated workload balancing

Optimize team productivity by distributing cases based on real-time availability.

3. Improved analysis quality

By matching cases to the right experts, you increase first-pass resolution rates.

4. Standardized processes

Eliminate processing inconsistencies; every incident is handled according to your organization's rules.

5. Scalability without hiring

Handle growing incident volumes without needing to increase the size of your triage team.

Security and data governance

Swiftask applies enterprise-grade security standards for your thehive automations.

  • Encrypted communication: Integration with TheHive uses secure API tokens and TLS encrypted communications.
  • Granular control: You maintain full control over assignment rules and can modify them in real-time via Swiftask.
  • Full audit trail: Every assignment decision is recorded, allowing for easy auditing by compliance teams.
  • Data integrity: Swiftask does not alter your raw incident data; it only optimizes the routing process.

To learn more about compliance, visit the Swiftask governance page for detailed security architecture information.

RESULTS

Measurable impact on your performance

MetricBeforeAfter
Average assignment time5-15 minutesLess than 1 second
Assignment error rateHigh (human)Near 0%
Analyst productivityTime lost on triage100% on investigation
Deployment timeComplex developmentFast no-code setup

Take action with thehive

Save valuable time on triage and ensure immediate attention for every detected threat.

Automatically synchronize IoC in TheHive with Swiftask

Next use case