About Custom Fields#
Custom fields let you add additional information to cases and alerts.
By default, TheHive includes predefined fields for cases and alerts. To better suit your needs, you can create custom fields to tailor cases and alerts.
You can configure these fields as optional or mandatory for users.
Use cases#
You can use custom fields to:
- Provide context to cases or alerts, such as the geographic location of an incident or its severity level.
- Support organizational alignment by specifying the relevant business unit or team.
- Enable integration with tools and feeders by including identifiers or other data from external systems, or linking directly to external system data.
- Streamline processes by indicating internal classification levels.
- Manage checklists to validate specific steps when handling a case or alert.
- Enhance data analysis through tagging, for example, identifying incidents involving VIPs.
Types#
You can define custom fields in the following formats:
- String: Text input
- Boolean: True/false values
- Integer: Whole numbers
- Float: Decimal numbers
- Date: Specific dates
- URL: Web links
Permissions#
Administrator access required
Only users with an admin-type profile that has the manageCustomField permission can create, edit, or delete custom fields in TheHive.
After creation, custom fields are automatically available to all users across your organizations, allowing them to add the fields to cases and alerts.