About Taxonomies

Taxonomies are catalogs of structured tags managed in TheHive. They belong to one of the tag categories available for cases, alerts, or observables.

This topic explains how taxonomies work.

Sources

TheHive supports two ways to create taxonomies:

• From MISP: TheHive imports MISP taxonomies by default during installation.

  Manual activation required

  By default, MISP taxonomies aren't activated. Administrators must activate them manually.

• From custom files: Administrators can import custom taxonomies as needed.

Actions

MISP taxonomy upgrades

TheHive includes the version of MISP taxonomies available at the time of installation. Upgrading TheHive doesn't automatically update MISP taxonomies. Updating them requires performing a manual update.

TheHive doesn't allow modifying taxonomies or their tags.

However, administrators can:

• Deactivate taxonomies
• Delete taxonomies

Permissions

Required permissions

Only users with an admin-type profile that has the manageTaxonomy permission can manage taxonomies in TheHive.

Once created, tags from activated taxonomies are available to add to cases, alerts, and observables.

Next steps

• Activate or Deactivate a Taxonomy
• Add a Custom Taxonomy
• Update MISP Taxonomies
• Delete a Taxonomy