TheTHE

TheTHE is an environment that helps Threat Hunting analyst teams to have, unify, share, store and interrelate information related to their research in the early stages of a threat in an easy, unified and fast way. Its ability to integrate with other in-house or external sources makes it a uniquely useful tool that saves time and analysis resources.

• It uses a client-server structure being able to satisfy both user demands and teams that need to share information. Its easiness of deployment via Docker fits perfectly with IaaS services in the cloud.

• It uses and stores the usage keys (commonly called API keys) that will be shared by all the teams with access to the TheTHE instance from a single point, saving time in research resources. In addition, these API keys are stored securely and centrally. No one in the team will need to access or share them as the use of the different APIs is transparent and unified in TheTHE.

• TheTHE stores results chronologically so that they are accessible even after they have disappeared from the web. Moreover, with the added benefit of not requiring additional queries via API to retrieve results. It has a history of results or information over time.

• Its modular design allows it to integrate different third-party tools and APIs very quickly in the form of plugins. In addition, it can feed other cyberintelligence services thanks to its ability to integrate with other tools through extensions and its own programming API.

• It enables the automation of tasks and searches, thus saving duplication and avoiding delays by storing and analysing previous results. It is able to monitor indicators of compromise (IoC's) in case new relevant information is available.