Automate TheHive Case Management with Slack & n8n

This workflow automates TheHive case management by integrating Slack for real-time case updates and task management. It solves slow SOC response and manual data entry by enabling analysts to update cases directly from Slack, saving hours daily.
Workflow Identifier: 1128
NODES in Use: theHiveProjectTrigger, stickyNote, httpRequest, set, httpRequest, slack, webhook, switch, respondToWebhook, theHiveProject

What This Workflow Does

This workflow connects TheHive case management with Slack through n8n automation. It helps SOC analysts see new cases and update them directly inside Slack without switching apps. The workflow sends case details to Slack, lets users update severity, status, TLP, PAP, and assignments, and even add tasks. It gives instant Slack feedback to keep information accurate and speed up incident handling.


Who Should Use This Workflow

SOC teams that manage multiple threat cases daily benefit most. Anyone who needs to reduce manual updates between TheHive and Slack can use this. It suits firms that want faster incident response and fewer data entry errors. Users should have basic n8n and Slack knowledge.


Tools and Services Used

  • n8n Automation Platform: Hosts and runs the workflow.
  • TheHive 5: Source of case data, read and updated via API and webhooks.
  • Slack API: Sends messages, receives user actions, and shows modals.
  • Slack App credentials: Required for API authentication.

Beginner Step-by-Step: How to Use This Workflow in n8n Production

Import The Workflow

  1. Download the workflow JSON file using the Download button on this page.
  2. Open the n8n editor where you want to run the workflow.
  3. Use the “Import from File” option in n8n to load the downloaded workflow.

Configure Credentials and Details

  1. Add your TheHive API credentials in the n8n credentials section.
  2. Add Slack App API credentials in n8n to authorize the Slack nodes.
  3. Update IDs, Slack channel names, user emails, or folder IDs in the workflow if different from default.

Test the Workflow

  1. Create a test case in TheHive to trigger the flow.
  2. Check if Slack receives the new case message.
  3. Try updating severity or adding a task to see if changes sync back.

Activate the Workflow

  1. Set the workflow status to active in the n8n editor.
  2. Make sure the server running n8n is reachable by TheHive webhook and Slack API.
  3. Verify logging to catch any errors during live use.

For secure operation, consider self-hosting n8n on your own server.


Workflow Inputs, Processing Steps, and Outputs

Inputs

  • TheHive webhook triggers when a new case is created.
  • Slack user actions from buttons, dropdowns, and modal submissions.

Processing Steps

  • TheHive Trigger node listens for case creation.
  • Set node creates emoji mappings for case attributes.
  • HTTP Request node calls Slack API to get assignee info by email.
  • Set node builds message parts for Slack.
  • Slack node posts formatted message with interactive buttons.
  • Webhook node receives Slack user actions.
  • Switch node decides action type and next steps.
  • Multiple Set nodes prepare updates.
  • TheHive Project nodes update cases or add tasks via API.
  • HTTP Request node opens Slack modals for task input.
  • HTTP Request node updates Slack messages dynamically.
  • Respond to Webhook nodes send confirmation to Slack.

Outputs

  • New cases appear in Slack channels with details and action buttons.
  • Case updates in Slack reflect on TheHive instantly.
  • Tasks added via Slack modal create corresponding entries in TheHive.
  • User gets immediate feedback after each action via Slack messages.

Handling Edge Cases and Failures

  • Slack API errors often come from wrong or missing credentials—always check API keys and app scopes.
  • Assignee mismatches happen if emails differ between Slack and TheHive—make sure emails are consistent.
  • Slack interactions only work if webhook nodes respond with 200 or 204 HTTP status—confirm proper responses.
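
The Webhook node that receives Slack actions is reachable from outside, and what it receives ends up changing TheHive cases, so it should act only on requests that Slack actually signed. The following is an added example, not part of the published workflow: it checks Slack's `X-Slack-Signature` header against the app's signing secret, rejects stale timestamps, and only then routes the payload by type and answers 200. The signing secret, the `set_severity` action ID and the route names are constructed for illustration.

```javascript
const crypto = require('node:crypto');

const MAX_SKEW_SECONDS = 60 * 5; // reject replays older than five minutes

// Slack's v0 signature: HMAC-SHA256 over "v0:<timestamp>:<raw body>".
function slackSignature(signingSecret, timestamp, rawBody) {
  const base = `v0:${timestamp}:${rawBody}`;
  return 'v0=' + crypto.createHmac('sha256', signingSecret).update(base).digest('hex');
}

// Returns the HTTP status to send and, if accepted, a route (hypothetical names).
// Assumes lowercase header keys and the raw, unparsed request body.
function handleSlackInteraction(headers, rawBody, signingSecret, nowSeconds) {
  const timestamp = headers['x-slack-request-timestamp'];
  const received = headers['x-slack-signature'];
  if (!timestamp || !received) return { status: 401, reason: 'missing headers' };
  if (!/^\d+$/.test(timestamp) || Math.abs(nowSeconds - Number(timestamp)) > MAX_SKEW_SECONDS) {
    return { status: 401, reason: 'stale timestamp' };
  }
  const expected = Buffer.from(slackSignature(signingSecret, timestamp, rawBody));
  const actual = Buffer.from(String(received));
  if (expected.length !== actual.length || !crypto.timingSafeEqual(expected, actual)) {
    return { status: 401, reason: 'bad signature' };
  }
  // Interactions arrive form-encoded with a single JSON "payload" field.
  let payload;
  try {
    payload = JSON.parse(new URLSearchParams(rawBody).get('payload'));
  } catch {
    return { status: 400, reason: 'malformed payload' };
  }
  if (payload === null || typeof payload !== 'object') return { status: 400, reason: 'malformed payload' };
  // Route on the payload type, as the Switch node does in the workflow.
  if (payload.type === 'block_actions') {
    const action = (payload.actions || [])[0] || {};
    return { status: 200, route: 'case_update', actionId: action.action_id, user: payload.user?.id };
  }
  if (payload.type === 'view_submission') {
    return { status: 200, route: 'add_task', callbackId: payload.view?.callback_id, user: payload.user?.id };
  }
  return { status: 200, route: 'ignored' };
}

// Constructed sample request (not captured traffic), signed with the given secret.
function sampleRequest(signingSecret, nowSeconds) {
  const payload = { type: 'block_actions', user: { id: 'U0001' }, actions: [{ action_id: 'set_severity' }] };
  const body = new URLSearchParams({ payload: JSON.stringify(payload) }).toString();
  const ts = String(nowSeconds);
  return { headers: { 'x-slack-request-timestamp': ts, 'x-slack-signature': slackSignature(signingSecret, ts, body) }, body };
}
```

The signature is computed over the body exactly as received, so the check has to run before any step that parses or re-serializes the request.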

Customization Ideas

  • Add more case fields such as impact or category by extending the JSON data in Set nodes.
  • Change emojis or text to suit your team’s language or color code in the formatting dictionary.
  • Add extra inputs in the Slack modal to capture priority or task type.
  • Create automatic Slack alerts for cases with certain severity or status.
  • Route different case types to specific Slack channels using Switch nodes.

Summary of Results

✓ You get a Slack channel showing new TheHive cases with easy actions.
✓ You can update cases or add tasks without leaving Slack.
✓ TheHive and Slack data stay synced instantly.
✓ Fewer manual errors and faster incident response.



Frequently Asked Questions

Invalid_auth errors happen when Slack API credentials are wrong or lack required permissions. Check API keys and app permission scopes.
Emails differ if user accounts are not synced or use different addresses. Make sure the same email is used in TheHive and Slack profiles.
Ensure each webhook node sends an HTTP 200 or 204 response quickly to Slack. Missing responses cause workflows to not acknowledge Slack actions.
No. This workflow uses Slack APIs and interactive components. Microsoft Teams requires a different integration setup.
