Threat Feed Aggregation, Made Easy
ninSmith Merge pull request #69 from phpsystems/master
Whitespace and syntax fixes
Latest commit 03df065 Oct 19, 2018
Type Name Latest commit message Commit time
.github add an issue template Feb 2, 2017
core Whitespace and syntax fixes Oct 17, 2018
docs fixed markdown typo May 6, 2017
images add Hippocampe logo Feb 2, 2017
.gitignore Fixes #7, added one line in gitignore Nov 8, 2016
AUTHORS change email address and update the copyright dates Feb 2, 2017
Dockerfile Setting the version for urllib. 1.24 seems not to work. Oct 17, 2018
LICENSE Remove license headers and change license to AGPL-3 Nov 7, 2016
docker-compose.yml Replacing previous Docker components. This should allow people to qui… Apr 12, 2017

Hippocampe is a threat feed aggregator. It gives your organisation a threat feed 'memory' and lets you query it easily through a REST API or from a Web UI. If you have a Cortex server, there's already an analyzer to query Hippocampe. And if you use TheHive as a security incident response platform, you can customize the JSON output produced by the analyzer to your taste or use the report template that we kindly provide.

Hippocampe aggregates feeds from the Internet in an Elasticsearch cluster. It has a REST API which allows you to search its 'memory'. It is based on a Python script which fetches the URLs corresponding to feeds, then parses and indexes them.


Hippocampe allows analysts to configure a confidence level for each feed, which can be changed over time. When queried, it provides a score called Hipposcore that helps the analyst decide whether the analyzed observables are innocuous or rather malicious.


Hippocampe is open source and free software released under the AGPL (Affero General Public License). We, TheHive Project, are committed to ensuring that Hippocampe will remain a free and open source project in the long run.


  • Extracting observables or IOCs from an email or a report
  • Adding data manually
  • Distinguish fields generated by Hippocampe from those generated by feeds
  • Show related data (e.g., when searching for a URL, show the domain as related if Hippocampe knows it)
  • Index MISP attributes


Information, news and updates are regularly posted on TheHive Project Twitter account and on the blog.


We welcome your contributions. Please feel free to fork the code, play with it, make some patches and send us pull requests.


Please open an issue on GitHub if you'd like to report a bug or request a feature.

Alternatively, if you need to contact the project team, send an email to

Community Discussions

We have set up a Google forum at To request access, you need a Google account. You may create one using a Gmail address or without one.

