Widgets in Case Report Templates#
Several widget types are available for case report templates to customize what information appears in your case reports in TheHive. Widgets are configurable components that display specific case data in different formats.
Text widget#
Displays formatted text, with support for case variables and TheHive-flavored Markdown.
Text widget configuration includes:
- A title for the text block
- The content of the text block, with the option to include case variables
Format your text block using TheHive-flavored Markdown syntax.
Available variables
You can insert variables into certain fields and widgets such as the header, footer, and text widget by selecting Add variable.
Helpers using Mustache syntax
Data transformation helpers#
| Helper | Description | Usage | Output |
|---|---|---|---|
tlpLabel |
Format the tlp field of the object |
{{ tlpLabel object.tlp }} |
Amber |
papLabel |
Format the pap field of the object |
{{ papLabel object.pap }} |
Amber |
severityLabel |
Format the severity field of the object |
{{ severityLabel object.severity }} |
Critical |
dateFormat |
Format a date field of the object using Java date time patterns | {{dateFormat audit._createdAt "EEEEE dd MMMMM yyyy" "fr" }} |
jeudi 01 septembre 2022 |
Standard string helpers can be found in the official Handlebars documentation.
Conditional helpers#
Examples:
- Displays Medium if
case.severityequals 2, otherwise displays Other:
{{#if (eq case.severity 2) }}
Medium
{{else}}
Other
{{/if}}
- Displays the threat actor value only if
case.customFieldValues.threat-actoris defined:
{{#if case.customFieldValues.threat-actor}}
Threat Actor: {{case.customFieldValues.threat-actor}}
{{/if}}
Find additional supported operators in the official Handlebars documentation.
Image widget#
Displays an image to visually support the report content.
Supported image formats
Image widgets only support JPG, JPEG, and PNG formats.
Image widget configuration includes:
- A title for the image
- An image that you can upload by dragging and dropping or selecting from your computer
Table widget#
Displays structured data in a tabular format, based on selected case elements.
Table widget configuration includes:
- A title for the table
- A parameter selection to choose from observables, tasks, TTPs, alerts, or custom fields, along with the data to display
Protect observable URLs
Turn on the Protect data? toggle to defang URLs and prevent accidental clicks.
- Sorting rules and filters to refine the displayed data
List widget#
Displays a simplified list of observables, tasks, TTPs, or alerts.
List widget configuration includes:
- A title for the list
- A parameter selection to choose from observables, tasks, TTPs, or alerts, along with the data to display
Protect observable URLs
Turn on the Protect data? toggle to defang URLs and prevent accidental clicks.
- Sorting rules and filters to refine the displayed data
Timeline widget#
Displays case activity in a chronological list format.
Timeline widget configuration includes:
- A title for the timeline
- A selection of multiple parameters, allowing you to choose from alerts, case events, tasks, task logs, sighted indicators of compromise (IOCs), and TTPs
- Custom events
5.5 You can choose if you want to display custom events with or without their descriptions.
Comments widget#
Displays case comments with optional filters and a maximum display limit.
Comments widget configuration includes:
- A title for the comments widget
- The maximum number of comments to display
- Filters to refine the displayed comments
Pages widget#
Displays selected case pages.
Pages widget configuration includes:
- A title for the pages widget
- Filters to refine the displayed pages