About Custom Fields

Custom fields provide a way to extend the default set of fields available in cases and alerts, allowing additional, organization-specific information to be recorded.

This topic provides a general overview of custom field usage in TheHive.

Use cases

In TheHive, custom fields add structure and flexibility to cases and alerts in the following ways:

• Provide context to cases or alerts, such as the geographic location of an incident or its severity level
• Support organizational alignment by specifying the relevant business unit or team
• Enable integration with external tools by including identifiers, adding related data, or linking directly to external resources
• Streamline processes by indicating internal classification levels
• Manage checklists to validate specific steps when handling a case or alert
• Enhance data analysis through tagging, for example, identifying incidents involving VIPs

Types

Custom fields support the following types:

• String: Text input
• Boolean: True/false values
• Integer: Whole numbers
• Float: Decimal numbers
• Date: Specific dates
• URL: Web links

Expected values

Custom fields support two types of input values:

• Free text: Accepts manually entered values without restrictions.
• Dropdown list: Offers a predefined set of selectable options.

Completion rules

Custom fields can be configured as either optional or mandatory. Mandatory fields must be completed before a case or an alert can be closed.

Permissions

Required permissions

Only users with an admin-type profile that has the manageCustomField permission can create, edit, or delete custom fields in TheHive.

Required permissions

Only users with the manageCase/update or manageAlert/update permission can add, remove, or enter values in custom fields in cases and alerts in TheHive.

Next steps

• Create a Custom Field
• Manage Custom Fields
• Delete a Custom Field
• Add Custom Fields
• Remove Custom Fields
• Enter Values in Custom Fields