About Task Logs

This topic explains what task logs are and how they're used in TheHive.

Definition

A task log—also referred to as an activity—is where analysts record their actions, observations, and decisions in response to a task.

Sources

Analysts should create a task log whenever they perform or complete a meaningful action, observation, or decision related to the task. Certain task logs can be automated, but analytical insights and contextual observations typically require manual input.

Examples

No observables allowed

Task logs should never include observables. Doing so can make data unsearchable, disorganized, and prevent export to MISP. Additionally, links within task logs are clickable, which can be risky.

Tasks logs can include actions such as:

• Investigating authentication, VPN, or endpoint activity
• Reviewing system or script execution logs
• Identifying signs of lateral movement or account compromise

• Running targeted scans for potential exposures

• Applying network or system-level containment measures

• Providing awareness or policy guidance to employees

• Implementing or reinforcing data protection policies

• Tuning detection rules for improved accuracy

• Updating workflows or processes based on incident findings

• Documenting insights or lessons learned

Format

Task logs can include text using TheHive-flavored Markdown syntax or images.

Permissions

Required permissions

Only users with the manageTask permission can manage tasks and task logs in TheHive.

Next steps

• Create a Task Log
• Delete a Task Log
• Find a Task Log
• Find a Task