Find Similar Alerts or Cases#
Find similar alerts and cases in TheHive to identify related incidents and correlate information across your investigations. Similarity checks between cases and alerts are based on observables.
Filters
Select the filters you want to apply on the Similar cases and Similar alerts tabs to find what you need faster.
Find similar alerts#
-
Find the alert or case you want to compare for similarity.
-
Select the Similar alerts tab.
Applying filters and views
Apply filters and sorting and save preferences using views.
-
Select See all in the Matches column to view the list of common observables.
Performance optimization
To optimize performance, a maximum of 100 observables are displayed in the Matches drawer. Users with an admin-type profile can adjust this limit in the
application.conffile. However, increasing it beyond 100 may impact application performance. Proceed with caution when modifying this setting, as performance can't be guaranteed if the limit is raised.
Find similar cases#
-
Find the alert or case you want to compare for similarity.
-
Select the Similar cases tab.
Applying filters and views
Apply filters and sorting and save preferences using views.
-
Select See all in the Matches column to view the list of common observables.
Performance optimization
To optimize performance, a maximum of 100 observables are displayed in the Matches drawer. Users with an admin-type profile can adjust this limit in the
application.conffile. However, increasing it beyond 100 may impact application performance. Proceed with caution when modifying this setting, as performance can't be guaranteed if the limit is raised.