Configure the Mattermost Notifier

manageConfig Platinum

Configure the Mattermost notifier in TheHive.

Notifier availability

The Mattermost notifier is available only when you turn off the Send notification to every user in the organization toggle and use one of the following triggers:

• AnyEvent
• FilteredEvent
• ActionFinished
• CaseClosed
• CaseCreated
• CaseFlagged
• CaseShared
• AlertClosed
• AlertCreated
• AlertImported
• JobFinished
• AlertObservableCreated
• CaseObservableCreated
• ObservableCreated
• TaskClosed
• TaskMandatory

Procedure

1. Go to the Organization view from the sidebar menu.

   

2. Select the Notifications tab.

   

3. Select and then Edit.

4. Select the Mattermost notifier.

5. In the Mattermost drawer, enter the following information:

   - Endpoint

   Using Mattermost as a notifier requires at least one endpoint. This endpoint defines how TheHive connects to Mattermost.

   Select an existing endpoint. Endpoints can be local, defined at the organization level, or global, defined at the client level for one or more organizations. You can add a new local endpoint by selecting Add a new endpoint.

   - Channel

   The Mattermost channel where you want to send the data. This overrides the default channel set in the endpoint configuration.

   - Username

   The username that will appear as the sender of the message in Mattermost. This overrides the default username set in the endpoint configuration.

   - Template

   The message content to send to the Mattermost endpoint. Select JSON, Markdown, or plain text.

   Available variables

   You can use variables in certain fields by selecting Add variable. Refer to the Variable Usage Examples topic for detailed examples.

   Helpers using Mustache syntax

   Data transformation helpers

   Helper	Description	Usage	Output
   tlpLabel	Format the tlp field of the object	{{ tlpLabel object.tlp }}	Amber
   papLabel	Format the pap field of the object	{{ papLabel object.pap }}	Amber
   severityLabel	Format the severity field of the object	{{ severityLabel object.severity }}	Critical
   dateFormat	Format a date field of the object using Java date time patterns	{{dateFormat audit._createdAt "EEEEE dd MMMMM yyyy" "fr" }}	jeudi 01 septembre 2022

   Standard string helpers can be found in the official Handlebars documentation.

   Conditional helpers

   Examples:

   • Displays Medium if case.severity equals 2, otherwise displays Other:

   {{#if (eq case.severity 2) }}
       Medium
   {{else}}
       Other 
   {{/if}}
   

   • Displays the threat actor value only if case.customFieldValues.threat-actor is defined:

   {{#if case.customFieldValues.threat-actor}}
       Threat Actor: {{case.customFieldValues.threat-actor}}
   {{/if}}
   

   Find additional supported operators in the official Handlebars documentation.

6. Select Confirm.

Next steps

• Turn Off a Notification
• Delete a Notification