Create Alert
Create alert by parameters.
Basic Parameters
| Parameter | Description |
|---|---|
| Description | - |
| Source | - |
| Source Ref | - |
| Title | - |
| Type | - |
Advanced Parameters
| Parameter | Description |
|---|---|
| Assignee | User to assign the alert to. |
| Case Template | - |
| Custom Fields | - |
| Date | - |
| External Link | - |
| Flag | - |
| Observables | - |
| PAP | Prioritized Asset Profile, the severity level that is used to indicate the importance of an asset. White: The asset is not critical. Green: The asset is important, but not critical. Amber: The asset is critical. Red: The asset is essential. |
| Procedures | List of procedures (TTPs) to link the alert to. |
| Severity | - |
| Status | - |
| Summary | - |
| TLP | Traffic Light Protocol, a set of designations used to ensure that sensitive information is shared with the appropriate audience. CLEAR: unlimited formerly. GREEN: community-wide. AMBER: limited distribution. AMBER+STRICT: restricts sharing to the organization only. RED: personal for named recipients only. |
| Tags | - |
Example Output
{
"_createdAt": 1640000000000,
"_createdBy": "string",
"_id": "string",
"_type": "string",
"_updatedAt": 1640000000000,
"_updatedBy": "string",
"assignee": "string",
"caseId": "string",
"caseTemplate": "string",
"closedDate": 1640000000000,
"customFields": [
{
"_id": "string",
"name": "string",
"order": 0,
"type": "string",
"value": ""
}
],
"date": 1640000000000,
"description": "string",
"externalLink": "string",
"extraData": {},
"follow": false,
"importedDate": 1640000000000,
"inProgressDate": 1640000000000,
"newDate": 1640000000000,
"observableCount": 0,
"pap": 0,
"papLabel": "string",
"severity": 0,
"severityLabel": "string",
"source": "string",
"sourceRef": "string",
"stage": "string",
"status": "string",
"summary": "string",
"tags": [
"string"
],
"timeToAcknowledge": 0,
"timeToDetect": 0,
"timeToQualify": 0,
"timeToTriage": 0,
"title": "string",
"tlp": 0,
"tlpLabel": "string",
"type": "string"
}
Workflow Library Example
Create Alert with Thehive and Send Results Via Email
Preview this Workflow on desktop