Incident response platform with AI-powered triage for SOCs and CERTs
StrangeBee builds TheHive and Cortex, incident response platforms deployed across SOCs, CERTs, and CSIRTs. The tech stack (Go, Python, Rust, Java, Play Framework, Akka, JanusGraph) reflects a mature polyglot architecture handling complex alert workflows. Active adoption of Claude and Java, paired with projects around LLM integration and AI agents for triage, signals a strategic pivot toward AI-assisted incident response—directly addressing their stated pain around SOC analyst efficiency and alert fatigue.
StrangeBee is a cybersecurity software company founded in 2018 and based in Paris, with 51–200 employees. The company develops TheHive and Cortex, purpose-built platforms for incident response teams at organizations of all sizes. TheHive serves as a case-management system for SOCs, CERTs, and CSIRTs, while Cortex handles alert triage and enrichment. Both products are offered on-premise and cloud-hosted. The platform is designed to reduce mean time to response, combat alert fatigue, and improve analyst productivity. Incident responders across thousands of organizations rely on these tools to manage and triage security incidents.
TheHive is a case-management platform for SOCs, CERTs, and CSIRTs that speeds triage and incident response. Cortex handles alert enrichment and triage. Together they reduce time to recovery and combat alert fatigue for incident responders.
StrangeBee's stack includes Go, Python, Rust, Java, Scala, and the Play Framework. The company is actively adopting Java and replacing Scala, while integrating Claude for AI capabilities.