Skip to content

About Custom Fields#

Custom fields provide a way to extend the default set of fields available in cases and alerts, allowing additional, organization-specific information to be recorded.

This topic provides a general overview of custom field usage in TheHive.

Use cases#

In TheHive, custom fields add structure and flexibility to cases and alerts in the following ways:

  • Provide context to cases or alerts, such as the geographic location of an incident or its severity level
  • Support organizational alignment by specifying the relevant business unit or team
  • Enable integration with external tools by including identifiers, adding related data, or linking directly to external resources
  • Streamline processes by indicating internal classification levels
  • Manage checklists to validate specific steps when handling a case or alert
  • Enhance data analysis through tagging, for example, identifying incidents involving VIPs

Types#

Custom fields support the following types:

  • String: Text input
  • Boolean: True/false values
  • Integer: Whole numbers
  • Float: Decimal numbers
  • Date: Specific dates
  • URL: Web links

Expected values#

Custom fields support two types of input values:

  • Free text: Accepts manually entered values without restrictions.
  • Dropdown list: Offers a predefined set of selectable options.

Completion rules#

Custom fields can be configured as either optional or mandatory. Mandatory fields must be completed before a case or an alert can be closed.

Permissions#

Required permissions

Only users with an admin-type profile that has the manageCustomField permission can create, edit, or delete custom fields in TheHive.

Required permissions

Only users with the manageCase/update or manageAlert/update permission can add, remove, or enter values in custom fields in cases and alerts in TheHive.

Next steps