How to Close an Alert

This topic provides step-by-step instructions for closing an alert in TheHive.

Close an alert if it doesn't require escalation into a new or existing case for further investigation. This may happen, for example, if the alert is a false positive or a duplicate.

Required permissions

Only users with the manageAlert/update permission can close alerts in TheHive.

Procedure

1. Find the alert you want to close.

2. In the alert description, select .

   

3. In the Change the alert status drawer, select the status that explains why the alert wasn't escalated to a new or existing case for further investigation.

4. Optional: Enter a summary describing why the alert wasn't escalated to a case.

   5.5 You can add a full-size image by dropping it into the Summary field or selecting the symbol.

   Wait for the upload to complete

   Wait until the image path appears in parentheses. If it doesn’t, the upload is still in progress, and the image won’t display as expected.

5. Add or remove values in custom fields as needed.

   Custom fields completion

   You must complete all mandatory custom fields to close an alert.

6. Select Confirm.

Next steps

• New Case from Selection
• Merge Alerts