Mobile alerting with tracking & escalation for TheHive



TheHive is a scalable, cloud-based or on-premise Security Incident Response Platform, tightly integrated with MISP (Malware Information Sharing Platform). It is designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner when dealing with security incidents that need to be investigated and acted upon swiftly.

SIGNL4 extends TheHive and adds app-based mobile alerting and incident response including push, SMS text, voice calls, escalations and collaboration. The integrated duty planning helps you to schedule your team’s on-call duties and allows you to see who is on duty at any given time.

How it Works

TheHive uses webhooks to submit alert information to SIGNL4. You configure it by entering your SIGNL4 webhook URL, including the team secret. Specifically, the integration helps you with the following.

  • Forwards TheHive events to SIGNL4 for mobile alerting
  • Uses Webhook or SMTP email to connect to your SIGNL4 team
  • Staff can acknowledge and take ownership of critical events that occur
  • Communicate within an alert to address a particular problem
  • Alerts are escalated in case of no response
  • On-call scheduling to alert the right people at the right time


  • 24×7 SecOps with on-call staff
  • Critical SecOps Alerting
  • Customer service hotline
  • Anywhere critical incident response
  • On-call scheduling of IT / network teams


  • Significantly shorter response times for security incidents, thus shorter mean time to repair (MTTR)
  • Ensures attention for critical alerts and minimizes false alerts
  • Clear responsibilities and transparent ownership of security incidents
  • Collaboration with team members when assistance is needed

Alerts in TheHive are sent to SIGNL4 via HTTP request

Event categorization, routing and automated delivery

Persistent Notifications by push, text and voice call with Tracking, Escalation and Confirmation to Staff on Duty


Log in to the TheHive web portal as a user to configure SIGNL4 alerting.


In the user portal under Organization -> Endpoints you can create a new Webhook endpoint and use the SIGNL4 webhook URL.{team-secret}

Here, {team-secret} is your SIGNL4 team secret.


Now, under Organization -> Notifications you can create a new Notification. Under Notifiers select your SIGNL4 webhook endpoint and as Trigger select what is suitable for your scenario, e.g. “AnyEvent” or “AlertCreated”.

That’s it. Now your SIGNL4 team gets notified when there is a new event or alert available in TheHive.


If you would like a deeper integration, e.g. two-way communication or specific formatting, you might want to use a no-code platform like n8n for integrating SIGNL4 with TheHive. You can find a sample workflow here.


SIGNL4 can further increase the visibility of alerts through its Signals and Services section. Augmenting the color and icon of alerts will provide more relevant information at a glance without having to open the alert.


Change alert color and override title + text 

Override text, colors and titles are triggered by keywords set within the mobile app.
