About Statuses

The status represents the current state of a case or alert.

This article explains how statuses works in TheHive.

Task statuses

This page doesn't cover task statuses, which are hard-coded in TheHive. They can't be modified, deleted, or extended.

Predefined statuses

TheHive includes a set of predefined statuses. You can change their color or hide them to guide users toward using the custom statuses you have created.

Attributes

Each status is associated with:

• A stage: TheHive includes four predefined stages—New, Imported, In progress, and Closed. Stages are hard-coded and can't be modified, deleted, or extended.

  Imported stage

  The Imported stage isn't available for selection in the interface. It is linked to an Imported status that is applied when an alert is merged into an existing case or a new case.

• 5.5 A visibility: The status is either displayed or hidden in TheHive interface.

• A color: The color should help users easily recognize the status.

Behavior

Alert status restrictions

You can't switch back to a status linked to the New or In progress stage if the alert is currently in a status linked to the Closed stage. The same restriction applies when trying to switch from In progress back to New.

• Statuses linked to the In progress stage are available at any time for cases, but only when starting work on an alert for alerts.

• Statuses linked to the Closed stage can only be selected when closing a case or closing an alert.

Permissions

Required permissions

Only users with an admin-type profile that has the managePlatform permission can manage case and alert statuses in TheHive.

After creation, statuses are available to users in cases and alerts.

Next steps

• Create a Status
• Change a Status Visibility
• Change a Status Color
• Delete a Status