About Taxonomies

Taxonomies are catalogs of structured tags managed in TheHive. They're one of the tag categories that can be added to cases, alerts, or observables.

This topic explains how taxonomies work.

Sources

Taxonomies can be created in two ways:

• From MISP: MISP taxonomies are imported by default when you install TheHive.

  Manual activation required

  By default, MISP taxonomies aren't activated. You must activate them manually.

• From custom files: You can import custom taxonomies as needed.

Actions

MISP taxonomy upgrades

TheHive includes the version of MISP taxonomies available at the time of installation. Upgrading TheHive doesn't automatically update MISP taxonomies. To update them, you must perform a manual update.

You can't modify taxonomies or their tags.

However, you can:

• Deactivate taxonomies
• Delete taxonomies

Permissions

Required permissions

Only users with an admin-type profile that has the manageTaxonomy permission can manage taxonomies in TheHive.

Once created, tags from activated taxonomies are available to add to cases, alerts, and observables.

Next steps

• Activate Deactivate a Taxonomy
• Add a Custom Taxonomy
• Update MISP Taxonomies
• Delete a Taxonomy