Skip to content

How to Configure the Mattermost Notifier#

Platinum

This topic provides step-by-step instructions for configuring the Mattermost notifier in TheHive.

Notifier availability

The Mattermost notifier is available only when you turn off the Send notification to every user in the organization toggle and use one of the following triggers: - AnyEvent
- FilteredEvent
- ActionFinished
- CaseClosed
- CaseCreated
- CaseFlagged
- CaseShared
- AlertClosed
- AlertCreated
- AlertImported
- JobFinished
- AlertObservableCreated
- CaseObservableCreated
- ObservableCreated
- TaskClosed
- TaskMandatory

Required permissions

Only users with the manageConfig permission can manage notifications in TheHive.

Procedure

  1. Go to the Organization view from the sidebar menu.

    Organization view

  2. Select the Notifications tab.

    Notifications tab

  3. Select and then Edit.

  4. Select the Mattermost notifier.

  5. In the Mattermost drawer, enter the following information:

    - Endpoint

    Using Mattermost as a notifier requires at least one endpoint. This endpoint defines how TheHive connects to Mattermost.

    Select an existing endpoint. Endpoints can be local, defined at the organization level, or global, defined at the client level for one or more organizations. You can add a new local endpoint by selecting Add a new endpoint.

    - Channel

    The Mattermost channel where you want to send the data. This overrides the default channel set in the endpoint configuration.

    - Username

    The username that will appear as the sender of the message in Mattermost. This overrides the default username set in the endpoint configuration.

    - Template

    The message content to send to the Mattermost endpoint. Select JSON, Markdown, or plain text.

    Available variables

    You can use variables in certain fields by selecting Add variable. Refer to the Variable Usage Examples topic for detailed examples.

    Conditional helpers using Mustache syntax

    Example: 

    {{#if (eq object.severity 2) }}MEDIUM {{else}}Other {{/if}}
    Find additional supported operators in the official Handlebars documentation.

    Data formatting helpers

    The following helpers are available to format your data:

    Helper Description Usage Output
    tlpLabel Format the tlp field of the object {{ tlpLabel object.tlp }} Amber
    papLabel Format the pap field of the object {{ papLabel object.pap }} Amber
    severityLabel Format the severity field of the object {{ severityLabel object.severity }} Critical
    dateFormat Format a date field of the object using Java date time patterns {{dateFormat audit._createdAt "EEEEE dd MMMMM yyyy" "fr" }} jeudi 01 septembre 2022

    Standard string helpers can be found in the official Handlebars documentation.

  6. Select Confirm.

Next steps