This workflow automates AI-powered security incident response using Claude AI and TheHive, eliminating the manual case analysis that consumes over 20 hours weekly for security teams handling 50+ incidents monthly. When an incident arrives via webhook, Claude Sonnet (Anthropic's latest model) immediately analyzes the threat — classifying severity, identifying attack vectors, and generating investigation steps — before orchestrating a complete TheHive workflow: creating the alert, promoting it to a case, adding observables, and assigning AI-guided tasks with a full analysis log. Every result is returned as structured JSON.

Key nodes: Webhook (intake) → HTTP Request (Claude AI analysis) → Code (enrichment + parsing) → Code (TheHive orchestration) → RespondToWebhook (JSON response)

Results: 90% faster incident processing, 75% improvement in threat classification accuracy, 15+ hours saved per week on 50–200 incidents monthly.

Ideal for: SOC teams, MSSPs, and IT security teams of 3–10 staff in tech or finance. Scales to 1,000+ incidents/month.

Setup: Under 10 minutes — set 3 environment variables (ANTHROPIC_API_KEY, THEHIVE_URL, THEHIVE_API_KEY) and activate. Requires HTTPS.

APIs required:
Anthropic Claude — pay-per-use (~$0.003/1K tokens) — console.anthropic.com
TheHive — free self-hosted or cloud plan — thehive-project.org
n8n — $20/month cloud or self-hosted free
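The "Code (enrichment + parsing)" step is where the model's free-text reply has to be turned into fields that drive TheHive actions, and a defender should treat that reply as untrusted input: it may be wrapped in prose or a code fence, carry an unexpected severity label, or list observable types TheHive does not accept. The following is an added example of such a hardened parser, written for this page and not the template's own code; it assumes Claude was prompted to answer with a JSON object of the shape `{severity, attack_vectors, observables, investigation_steps}` and that the Anthropic Messages API response carries the text under `content[].text`.

```javascript
// Added example: hardened parser for the "Code (enrichment + parsing)" step.
// The expected JSON shape, the helper names and the constructed sample are
// assumptions for this example, not the template's own prompt or code.

// TheHive severity is an integer 1-4; any label outside this map falls back to medium.
const SEVERITY_TO_THEHIVE = { low: 1, medium: 2, high: 3, critical: 4 };
// Only let through observable types we intend to create in TheHive.
const OBSERVABLE_TYPES = new Set(['ip', 'domain', 'url', 'hash', 'mail']);
const MAX_ITEMS = 25;   // cap list sizes so a verbose reply cannot flood the case

// Pull the first JSON object out of the model's text, tolerating ```json fences
// and surrounding prose. Always JSON.parse, never eval.
function extractJson(text) {
  const fenced = text.match(/```(?:json)?\s*([\s\S]*?)```/i);
  const candidate = fenced
    ? fenced[1]
    : text.slice(text.indexOf('{'), text.lastIndexOf('}') + 1);
  try { return JSON.parse(candidate); } catch { return null; }
}

// Normalise and whitelist the model output before it touches TheHive.
function parseClaudeAnalysis(apiResponse) {
  const text = (apiResponse.content || [])
    .filter((c) => c.type === 'text').map((c) => c.text).join('\n');
  const analysisLog = text.slice(0, 2000);   // keep the raw reasoning for the case log
  const raw = extractJson(text);
  if (!raw || typeof raw !== 'object') {
    // Unparseable reply: still open a case, but at a neutral severity for a human to triage.
    return { ok: false, severity: 2, attackVectors: [], observables: [], steps: [], analysisLog };
  }
  const severity = SEVERITY_TO_THEHIVE[String(raw.severity || '').toLowerCase()] || 2;
  const strList = (v) => (Array.isArray(v) ? v : [])
    .filter((s) => typeof s === 'string').map((s) => s.trim().slice(0, 500))
    .filter(Boolean).slice(0, MAX_ITEMS);
  const observables = (Array.isArray(raw.observables) ? raw.observables : [])
    .filter((o) => o && OBSERVABLE_TYPES.has(o.type) && typeof o.value === 'string')
    .map((o) => ({ dataType: o.type, data: o.value.trim().slice(0, 500) }))
    .slice(0, MAX_ITEMS);
  return { ok: true, severity, attackVectors: strList(raw.attack_vectors),
           observables, steps: strList(raw.investigation_steps), analysisLog };
}

// Constructed sample of a Messages API reply (not a real capture): fenced JSON,
// a capitalised severity, and one observable type that must be dropped.
const SAMPLE_RESPONSE = { content: [{ type: 'text', text:
  'Analysis:\n```json\n{"severity":"High","attack_vectors":["phishing"],' +
  '"observables":[{"type":"domain","value":"evil.example"},{"type":"registry","value":"x"}],' +
  '"investigation_steps":["Check mail gateway logs"]}\n```' }] };
```

In the n8n Code node the returned object would be placed on the item JSON for the following TheHive orchestration step; the `ok: false` branch is what keeps a malformed model reply from silently dropping an incident.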
$5.49
Workflow steps: 5
Integrated apps: webhook, httpRequest, code