Skip to content

How to Create a Function#

5.1 Platinum

This topic provides step-by-step instructions for creating a function in TheHive.

Required permissions

  • Only users with the manageFunction/create permission can create a function in TheHive.
  • Only users with the manageFunction/invoke permission can invoke a function in TheHive.
  • Only users with the manageAction permission can run a function in TheHive.

Procedure

  1. Go to the Organization view from the sidebar menu.

    Organization view

  2. Select the Functions tab.

    Functions tab

  3. Select .

  4. In the Create function drawer:

    - Name *

    Enter the function name, which you will use in your HTTP call to invoke the function.

    - Mode *

    Select the mode you want to apply to the function. For more details on the available options, see About Functions.

    - Types *

    Select the type of the function. For more details on the available options, see About Functions.

    - Description

    Enter a brief description of the function’s purpose.

    - Definition *

    Enter the JavaScript code for your function. If you need inspiration, check out the GitHub repository with function examples.

    Basic function structure

    In TheHive, a function follows this basic structure:

    function handle(input, context) {
    // Your function logic goes here
}
    • The handle function: This is where you write your script. Your function must be placed inside this structure.
    • The input parameter: This represents the data passed into the function. Its content depends on how the function is triggered.
    • The context parameter: This provides access to TheHive’s environment, allowing your function to interact with common TheHive actions.

    Duplicate management

    Make sure to implement duplicate management in your functions to prevent duplicate objects.

  5. In the Test function section, you can test your function as follows:

    • Enter input data by selecting input.

    • Select one of the following:

      • Run function (dry-run) to simulate the function without sending data.
      • Run function to execute the function with actual data.

    • After running the function, select one of the following to view results:

      • result to view the function’s output
      • stdout to display standard output from the function
      • stderr to display errors and warnings

  6. Select Save.

Next steps