
🐝 Hive Platform Integration

APHIDS is designed to work seamlessly with The Hive — an offensive security operations platform built on a Neo4j graph database.


Overview

When APHIDS runs in online mode, scan results are uploaded to Hive in real time, where they are:

  • Parsed and normalized into graph nodes (assets, findings, vulnerabilities)
  • Enriched with CVE/NVD/EPSS threat intelligence
  • Correlated across scans using graph relationships
  • Analyzed by AI (Claude) for threat insights and summaries
  • Visualized as interactive attack surface graphs

Setup

1. Get Your API Key

Register on the Hive platform and generate an API key from your account settings.

2. Configure APHIDS

export APHIDS_API_KEY="your-key-here"
aphids-cli -o options.yaml -c config.yaml

# config.yaml
authorization:
  apiKey: YOUR_KEY

baseUrl: https://api.hive.darksidesecurity.io/
baseWsUrl: wss://ws.continuity.hive.darksidesecurity.io/

endpoints:
  valis:
    path: valis/
  continuity:
    path: continuity/
  valis-cli:
    path: executions-cli/

3. Enable Online Mode

# options.yaml
configuration:
  online: enabled
  network: public
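
A pre-flight check for the files from steps 2 and 3, added here as an example (it is not part of APHIDS or Hive): it flags a config.yaml that stores apiKey while readable by other users, a baseUrl or baseWsUrl that is not TLS, and online mode with no key available. The function names and the minimal YAML reader (nested mappings only, as in the files above) are hypothetical, and it assumes APHIDS_API_KEY and authorization.apiKey are alternative ways to supply the key.

```python
import os
import stat
from urllib.parse import urlsplit


def flatten_yaml(text):
    """Flatten nested mappings (the only YAML used on this page) into dotted keys."""
    flat, parents = {}, []  # parents: (indent, key) of currently open mappings
    for raw in text.splitlines():
        line = raw.split(" #")[0].rstrip()  # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while parents and parents[-1][0] >= indent:
            parents.pop()
        if value.strip():
            path = [k for _, k in parents] + [key]
            flat[".".join(path)] = value.strip().strip("\"'")
        else:
            parents.append((indent, key))
    return flat


def preflight(config_path, options_path):
    """Return a list of problems to fix before an online-mode run."""
    with open(config_path) as f:
        cfg = flatten_yaml(f.read())
    with open(options_path) as f:
        opts = flatten_yaml(f.read())
    problems = []
    file_key = cfg.get("authorization.apiKey")
    mode = stat.S_IMODE(os.stat(config_path).st_mode)
    if file_key and mode & 0o077:
        problems.append(f"{config_path}: holds apiKey but mode is {mode:o}, expected 600")
    # The API key and scan results are sent to these URLs, so both must use TLS.
    for key, scheme in (("baseUrl", "https"), ("baseWsUrl", "wss")):
        if urlsplit(cfg.get(key, "")).scheme != scheme:
            problems.append(f"{key}: expected scheme {scheme}://")
    # Assumption: APHIDS_API_KEY and authorization.apiKey are alternative key sources.
    online = opts.get("configuration.online") == "enabled"
    if online and not (file_key or os.environ.get("APHIDS_API_KEY")):
        problems.append("online mode enabled but no API key is configured")
    return problems


if __name__ == "__main__":
    found = preflight("config.yaml", "options.yaml")
    raise SystemExit("\n".join(found) or 0)
```

Run it from the directory that holds both files; a non-empty result exits non-zero, so it can gate the aphids-cli invocation in a wrapper script.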

What Hive Provides

Graph-Based Asset Intelligence

Every scan result is stored as interconnected nodes in a Neo4j graph:

  • Assets: URLs, IPs, hosts, ports, DNS records, sites, applications
  • Findings: Individual scan results linked to assets
  • Vulnerabilities: Deduplicated, enriched vulnerability records
  • Scans: Execution history with timestamps and metadata
  • Relationships: Discovered-by, has-finding, belongs-to, and more

AI Security Assistant

Chat with your attack surface using natural language:

  • "What are the most critical vulnerabilities found in the last scan?"
  • "Show me all assets running Apache"
  • "What attack vectors exist for example.com?"
  • "Generate a summary of the external pentest findings"

Powered by Claude (AWS Bedrock) with direct Neo4j graph access.

Threat Insights

AI-generated security intelligence automatically inferred from scan data:

  • Exposed admin panels
  • End-of-life software
  • Inferred vulnerabilities
  • Weak cryptography
  • Misconfigurations
  • Default credentials
  • Information disclosure
  • Network exposure

Each insight includes confidence scores, affected assets, related CVEs, and remediation recommendations.

Vulnerability Management

  • CVE/NVD enrichment — Automatic CVE data lookup
  • EPSS scoring — Exploit prediction probability
  • CVSS v3.1 calculator — Interactive scoring
  • CPE-to-CVE mapping — Technology-based vulnerability discovery
  • SLA tracking — Remediation timeline monitoring
  • Deduplication — Intelligent finding merge across scans

Reporting Engine

Generate professional reports from scan data:

  • 4 built-in templates — Vulnerability assessment, asset intelligence, operational brief, AI-generated
  • Drag-and-drop editor — Custom section building
  • AI-assisted writing — Claude generates report narratives
  • PDF export — Professional document output
  • Bulk import — Import findings from other tools

Engagement & Campaign Management

  • Engagements — Scope, timeline, and asset management per assessment
  • Campaigns — Group engagements for ongoing programs
  • Organizations — Multi-tenant isolation
  • Groups & Teams — RBAC and collaboration

Real-Time Data Flow

APHIDS CLI/Agent
    ├── Scan results → Valis Receiver → Parser → Neo4j Graph
    ├── Post-processor triggered:
    │   ├── LLM Summary (Claude) → Scan insights
    │   ├── Threat Inference → ThreatInsights nodes
    │   └── Finding Correlation → Cross-scan analysis
    └── WebSocket notification → UI updates in real-time

When APHIDS uploads scan results:

  1. Valis receives and parses the raw tool output
  2. Parsers normalize findings into graph nodes with relationships
  3. Post-processor triggers AI enrichment (summaries, threat insights, correlations)
  4. WebSocket pushes updates to the Hive UI in real time
  5. Dashboard updates with new assets, findings, and vulnerability metrics

Integrations

Hive connects to external systems:

Integration    Capability
Jira Cloud     Create issues from vulnerabilities with evidence
Shodan         Passive IP reconnaissance and enrichment
Censys         Internet-wide scanning data
NVD/CVE        Vulnerability data enrichment
EPSS           Exploit prediction scoring

MCP + Hive

When using APHIDS in MCP mode with Hive, AI agents get additional tools:

  • set_engagement — Configure engagement context
  • get_engagement — Query current engagement
  • submit_findings — Push custom vulnerability findings
  • submit_assets — Submit discovered assets

This enables AI-driven security workflows where the agent can scan, analyze, and report — all through natural language.


Dashboard

The Hive dashboard provides:

  • Asset metrics — Growth trends, inventory by type
  • Vulnerability metrics — Severity distribution, monthly trends, top vulnerabilities
  • Scan history — Execution timeline, tool usage, comparison
  • Risk scoring — 0-100 scale per asset based on vulnerability data
  • Activity feed — Team activity and scan events