Schedule a Call
Schedule a Call

← Back to All Workflows

Automate TheHive Case Management with Slack & n8n

This workflow automates TheHive case management by integrating Slack for real-time case updates and task management. It solves slow SOC response and manual data entry by enabling analysts to update cases directly from Slack, saving hours daily.
theHiveProjectTrigger
httpRequest
slack
+7
Workflow Identifier: 1128
NODES in Use: theHiveProjectTrigger, stickyNote, httpRequest, set, httpRequest, slack, webhook, switch, respondToWebhook, theHiveProject

Press CTRL+F5 if the workflow didn't load.

BULDRR AI
Learn how to Build this Workflow with AI:

Visit through Desktop for Best experience

What This Workflow Does

This workflow connects TheHive case management with Slack through n8n automation. It helps SOC analysts see new cases and update them directly inside Slack without switching apps. The workflow sends case details to Slack, lets users update severity, status, TLP, PAP, and assignments, and even add tasks. It gives instant Slack feedback to keep information accurate and speed up incident handling.

Who Should Use This Workflow

SOC teams managing multiple threat cases daily benefit most. Anyone needing to reduce manual updates between TheHive and Slack can use this. It suits firms wanting faster incident response and less data entry errors. Users should have basic n8n and Slack knowledge.

Tools and Services Used

  • n8n Automation Platform: Opens and runs the workflow.
  • TheHive 5: Source and update case data via API and webhooks.
  • Slack API: Sends messages, receives user actions, and shows modals.
  • Slack App credentials: Required for API authentication.

Beginner Step-by-Step: How to Use This Workflow in n8n Production

Import The Workflow

  1. Download the workflow JSON file using the Download button on this page.
  2. Open n8n editor where you want to run the workflow.
  3. Use “Import from File” option in n8n to load the downloaded workflow.

Configure Credentials and Details

  1. Add your TheHive API credentials in n8n credentials section.
  2. Add Slack App API credentials in n8n to authorize Slack nodes.
  3. Update IDs, Slack channel names, user emails, or folder IDs in the workflow if different from default.

Test the Workflow

  1. Create a test case in TheHive to trigger the flow.
  2. Check if Slack receives the new case message.
  3. Try updating severity or adding a task to see if changes sync back.

Activate the Workflow

  1. Turn the workflow status to active in n8n editor.
  2. Make sure the server running n8n is reachable by TheHive webhook and Slack API.
  3. Verify logging to catch any errors during live use.

For secure operation, consider self-host n8n on your own server.

Workflow Inputs, Processing Steps, and Outputs

Inputs

  • TheHive webhook triggers when a new case is created.
  • Slack user actions from buttons, dropdowns, and modal submissions.

Processing Steps

  • TheHive Trigger node listens for case creation.
  • Set node creates emoji mappings for case attributes.
  • HTTP Request node calls Slack API to get assignee info by email.
  • Set node builds message parts for Slack.
  • Slack node posts formatted message with interactive buttons.
  • Webhook node receives Slack user actions.
  • Switch node decides action type and next steps.
  • Multiple Set nodes prepare updates.
  • TheHive Project nodes update cases or add tasks via API.
  • HTTP Request node opens Slack modals for task input.
  • HTTP Request node updates Slack messages dynamically.
  • Respond to Webhook nodes send confirmation to Slack.

Outputs

  • New cases appear in Slack channels with details and action buttons.
  • Case updates in Slack reflect on TheHive instantly.
  • Tasks added via Slack modal create corresponding entries in TheHive.
  • User gets immediate feedback after each action via Slack messages.

Handling Edge Cases and Failures

  • Slack API errors often come from wrong or missing credentials—always check API keys and app scopes.
  • Assignee mismatches happen if emails differ between Slack and TheHive—make sure emails are consistent.
  • Slack interactions only work if webhook nodes respond with 200 or 204 HTTP status—confirm proper responses.

Customization Ideas

  • Add more case fields such as impact or category by extending the JSON data in Set nodes.
  • Change emojis or text to suit your team’s language or color code in the formatting dictionary.
  • Add extra inputs in the Slack modal to capture priority or task type.
  • Create automatic Slack alerts for cases with certain severity or status.
  • Route different case types to specific Slack channels using Switch nodes.

Summary of Results

✓ You get a Slack channel showing new TheHive cases with easy actions.
✓ You can update cases or add tasks without leaving Slack.
✓ TheHive and Slack data stay synced instantly.
✓ Less manual errors and faster incident response.

Frequently Asked Questions

Invalid_auth errors happen when Slack API credentials are wrong or lack required permissions. Check API keys and app permission scopes.
Emails differ if user accounts are not synced or use different addresses. Make sure the same email is used in TheHive and Slack profiles.
Ensure each webhook node sends an HTTP 200 or 204 response quickly to Slack. Missing responses cause workflows to not acknowledge Slack actions.
No. This workflow uses Slack APIs and interactive components. Microsoft Teams requires a different integration setup.

2 Months of Sales Navigator 👉 FREE

50+ InMails. Advanced Lead search. First 2 Users only

Get Access

10,000+ n8n Workflows to Download & Learn Building

There’s no automation you can’t learn to build with BULDRR AI.

Start Learning

Automate your LinkedIn Posts

Your posts. Your brand. Fully automated.

📅 Book a Meeting

1:1 - Meeting FREE

I'll show how you can implement AI AGENTS to take over repetitive tasks.

📅 Book a Meeting

Get Self-Host n8n

Why Pay $20/month, When you can Self Host n8n @ $3.99 only

Get +20% Discount

Promoted by BULDRR AI

Learn by Category

Sales →
Productivity →
Social →
Finance →
Marketing →
Content→
Recruitment →
Security →
SEO →
CRM →
Development →
Ecommerce →

Related Workflows

Automate Viral UGC Video Creation Using n8n + Degaus (Beginner-Friendly Guide)

Learn how to automate viral UGC video creation using n8n, AI prompts, and Degaus. This beginner-friendly guide shows how to import, configure, and run the workflow without technical complexity.
Form Trigger
Google Sheets
Gmail
+37
Free

AI SEO Blog Writer Automation Workflows in n8n

A complete beginner guide to building an AI SEO blog writer automation using n8n.
AI Agent
Google Sheets
httpRequest
+5
Free

Automate CrowdStrike Alerts with VirusTotal, Jira & Slack

This workflow automates processing of CrowdStrike detections by enriching threat data via VirusTotal, creating Jira tickets for incident tracking, and notifying teams on Slack for quick response. Save hours daily by transforming complex threat data into actionable alerts effortlessly.
scheduleTrigger
httpRequest
jira
+5
Free

Automate Telegram Invoices to Notion with AI Summaries & Reports

Save hours on financial tracking by automating invoice extraction from Telegram photos to Notion using Google Gemini AI. This workflow extracts data, records transactions, and generates detailed spending reports with charts sent on schedule via Telegram.
lmChatGoogleGemini
telegramTrigger
notion
+9
Free

Automate Email Replies with n8n and AI-Powered Summarization

Save hours managing your inbox with this n8n workflow that uses IMAP email triggers, AI summarization, and vector search to draft concise replies requiring minimal review. Automate business email processing efficiently with AI guidance and Gmail integration.
emailReadImap
vectorStoreQdrant
emailSend
+12
Free

Automate Email Campaigns Using n8n with Gmail & Google Sheets

This n8n workflow automates personalized email outreach campaigns by integrating Gmail and Google Sheets, saving hours of manual follow-up work and reducing errors in email sequences. It ensures timely follow-ups based on previous email interactions, optimizing communication efficiency.
googleSheets
gmail
code
+5
Free
Load More

Browse by Apps

Google Sheets
Chatbot
Airtable
Google Drive
Slack
Notion
Web Scrapping
CRM
Telegram
Calendar
GitHub
Notifications
Messaging
Wordpress
Hubspot
Gmail
Image Generation
File Management
Webhook
SEO
Jira
API Integration
Data Entry
PDF
Linkedin
eCommerce
Outreach