About Custom Fields#
Custom fields provide a way to extend the default set of fields available in cases and alerts, allowing additional, organization-specific information to be recorded.
This topic provides a general overview of custom field usage in TheHive.
Use cases#
In TheHive, custom fields add structure and flexibility to cases and alerts in the following ways:
- Provide context to cases or alerts, such as the geographic location of an incident or its severity level
- Support organizational alignment by specifying the relevant business unit or team
- Enable integration with external tools by including identifiers, adding related data, or linking directly to external resources
- Streamline processes by indicating internal classification levels
- Manage checklists to validate specific steps when handling a case or alert
- Enhance data analysis through tagging, for example, identifying incidents involving VIPs
Types#
Custom fields support the following types:
- String: Text input
- Boolean: True/false values
- Integer: Whole numbers
- Float: Decimal numbers
- Date: Specific dates
- URL: Web links
Expected values#
Custom fields support two types of input values:
- Free text: Accepts manually entered values without restrictions.
- Dropdown list: Offers a predefined set of selectable options.
Completion rules#
Custom fields can be configured as either optional or mandatory. Mandatory fields must be completed before a case or an alert can be closed.
Permissions#
Required permissions
Only users with an admin-type profile that has the manageCustomField
permission can create, edit, or delete custom fields in TheHive.
Required permissions
Only users with the manageCase/update
or manageAlert/update
permission can add, remove, or enter values in custom fields in cases and alerts in TheHive.