How to Find Similar Alerts or Cases#
This topic provides step-by-step instructions for finding similar alerts and cases in TheHive.
Similarity checks between cases and alerts are based on observables.
Find similar alerts#
-
Find the alert or case you want to compare for similarity.
-
Select the Similar alerts tab.
-
Select See all in the Matches column to view the list of common observables.
Performance optimization
To optimize performance, a maximum of 100 observables are displayed in the Matches drawer. Users with an admin-type profile can adjust this limit in the
application.conffile. However, increasing it beyond 100 may impact application performance. Proceed with caution when modifying this setting, as performance can't be guaranteed if the limit is raised.
Find similar cases#
-
Find the alert or case you want to compare for similarity.
-
Select the Similar cases tab.
-
Select See all in the Matches column to view the list of common observables.
Performance optimization
To optimize performance, a maximum of 100 observables are displayed in the Matches drawer. Users with an admin-type profile can adjust this limit in the
application.conffile. However, increasing it beyond 100 may impact application performance. Proceed with caution when modifying this setting, as performance can't be guaranteed if the limit is raised.