About Custom Fields#
Custom fields let you add additional information beyond the default fields in cases and alerts.
This topic provides a general overview of custom field usage in TheHive.
Use cases#
In TheHive, custom fields are used to:
- Provide context to cases or alerts, such as the geographic location of an incident or its severity level
- Support organizational alignment by specifying the relevant business unit or team
- Enable integration with external tools by including identifiers, adding related data, or linking directly to external resources
- Streamline processes by indicating internal classification levels
- Manage checklists to validate specific steps when handling a case or alert
- Enhance data analysis through tagging, for example, identifying incidents involving VIPs
Types#
Custom fields support the following types:
- String: Text input
- Boolean: True/false values
- Integer: Whole numbers
- Float: Decimal numbers
- Date: Specific dates
- URL: Web links
Expected values#
The values you can enter in custom fields fall into two categories:
- Free text: Users can manually enter any value.
- Dropdown list: Users choose from predefined options.
Completion rules#
Custom fields can be either optional or mandatory. You must complete all mandatory custom fields before closing a case or an alert.
Permissions#
Required permissions
Only users with an admin-type profile that has the manageCustomField permission can create, edit, or delete custom fields in TheHive.
Required permissions
Only users with the manageCase/update permission can add, remove, or enter values in custom fields in cases and alerts in TheHive.