About Custom Tags

Custom tags are one of the tag categories in TheHive.

These free-text labels are created when users add them to cases, alerts, or observables.

This topic explains how custom tags work.

Scope

Custom tags are specific to a single organization and can't be shared between organizations or TheHive instances. You can include sensitive data in tags without the risk of data leakage outside the organization.

Sources

Custom tags can be created:

• Manually by users when added to cases, alerts, or observables
• Automatically by connected external tools
• Automatically by email servers
• Automatically by alert feeders

Actions

• Create custom tags by adding them directly to cases, alerts, and observables. You can't add a custom tag that already exists in a taxonomy, even if the taxonomy is deactivated.

  Consistent naming

  Tag usage must be consistent, as TheHive doesn't enforce standardization. For example, tags with different formatting, such as Phishing and phishing, are treated as separate tags.

• Manage custom tags by:

  • Changing the color of a custom tag
  • Renaming a custom tag
  • Deleting a custom tag

  Changes applied everywhere

  Modifying or deleting a custom tag applies to all instances of that tag across cases, alerts, and observables within the organization.

• View the number of times a custom tag appears in cases, case templates, alerts, and observables. This helps with cleanup and maintaining consistent naming.

Permissions

Required permissions

Only users with the manageTag permission can manage custom tags in TheHive.

Users can create new custom tags by adding them directly to cases, alerts, and observables.

Next steps

• Change the Color of a Custom Tag
• Rename a Custom Tag
• View Custom Tag Statistics
• Delete a Custom Tag