Create alert by parameters.

Basic Parameters

Description: The main detailed description and context for the resource.
Source: The source system or tool that generated the alert.
Source Ref: The unique identifier for this alert within its original source system.
Title: A short, descriptive title for the resource.
Type: The category or type of the alert.

Advanced Parameters

Assignee: User to assign the alert to.
Case Template: A specific case template to apply automatically if this alert is promoted to a case.
Custom Fields: Custom fields as an array of objects. For more information about the Custom Fields parameter, visit TheHive API documentation.
Date: The timestamp (milliseconds epoch) for when the event occurred. Defaults to the time the alert is created if omitted.
External Link: A URL linking back to the alert or event in the source system.
Flag: Set to true to visually flag the resource in the user interface for attention.
Observables: An array of observable objects related to this alert.
PAP: Prioritized Asset Profile, the severity level that is used to indicate the importance of an asset.
  White: The asset is not critical.
  Green: The asset is important, but not critical.
  Amber: The asset is critical.
  Red: The asset is essential.
Procedures: List of procedures (TTPs) to link the alert to.
Severity: The severity level of the resource.
Status: The status of the resource.
Summary: A brief summary of the resource.
TLP: Traffic Light Protocol, a set of designations used to ensure that sensitive information is shared with the appropriate audience.
  CLEAR: unlimited (formerly WHITE).
  GREEN: community-wide.
  AMBER: limited distribution.
  AMBER+STRICT: restricts sharing to the organization only.
  RED: personal for named recipients only.
Tags: An array of keywords (tags) as strings to categorize the resource.
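
As an added example (not part of this page or of TheHive's own client code), the following Python builds and validates an alert body from the parameters above, so that a workflow step fails on a bad TLP/PAP label or a missing required field before anything reaches the API. The numeric level mappings for tlp, pap and severity and the endpoint POST /api/v1/alert are assumptions.

```python
"""Build and validate a TheHive create-alert body from the documented parameters."""
import time

# Label -> numeric level as TheHive stores tlp / pap / severity (assumed mappings).
TLP_LEVELS = {"CLEAR": 0, "GREEN": 1, "AMBER": 2, "AMBER+STRICT": 3, "RED": 4}
PAP_LEVELS = {"WHITE": 0, "GREEN": 1, "AMBER": 2, "RED": 3}
SEVERITY_LEVELS = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}


def _level(table, label, field):
    """Map a label such as 'AMBER' to its numeric level, failing loudly on typos."""
    try:
        return table[label.upper()]
    except KeyError:
        raise ValueError(f"{field}: unknown label {label!r}") from None


def build_alert(title, description, alert_type, source, source_ref, *,
                severity="MEDIUM", tlp="AMBER", pap="AMBER", tags=(),
                observables=(), external_link=None, flag=False, date_ms=None):
    """Return the alert body as a dict ready for JSON encoding and a POST to
    /api/v1/alert (assumed endpoint); raise ValueError on anything the API
    would reject, so a bad workflow step never creates a mislabelled alert."""
    for name, value in (("title", title), ("description", description),
                        ("type", alert_type), ("source", source),
                        ("sourceRef", source_ref)):
        if not isinstance(value, str) or not value.strip():
            raise ValueError(f"{name} is required and must be a non-empty string")
    for ob in observables:  # each observable object needs at least dataType and data
        if not ob.get("dataType") or "data" not in ob:
            raise ValueError("each observable needs 'dataType' and 'data'")
    body = {
        "title": title, "description": description, "type": alert_type,
        "source": source, "sourceRef": source_ref,
        "severity": _level(SEVERITY_LEVELS, severity, "severity"),
        "tlp": _level(TLP_LEVELS, tlp, "tlp"),
        "pap": _level(PAP_LEVELS, pap, "pap"),
        "tags": list(tags), "observables": list(observables), "flag": bool(flag),
        # Date is a milliseconds epoch; defaults to creation time, as documented.
        "date": date_ms if date_ms is not None else int(time.time() * 1000),
    }
    if external_link:
        body["externalLink"] = external_link
    return body
```

Field names in the returned dict match those in the Example Output below, so the result can be compared against what the API echoes back.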

Example Output

{
	"_createdAt": 1640000000000,
	"_createdBy": "string",
	"_id": "string",
	"_type": "string",
	"_updatedAt": 1640000000000,
	"_updatedBy": "string",
	"assignee": "string",
	"caseId": "string",
	"caseTemplate": "string",
	"closedDate": 1640000000000,
	"customFields": [
		{
			"_id": "string",
			"name": "string",
			"order": 0,
			"type": "string",
			"value": ""
		}
	],
	"date": 1640000000000,
	"description": "string",
	"externalLink": "string",
	"extraData": {},
	"follow": false,
	"importedDate": 1640000000000,
	"inProgressDate": 1640000000000,
	"newDate": 1640000000000,
	"observableCount": 0,
	"pap": 0,
	"papLabel": "string",
	"severity": 0,
	"severityLabel": "string",
	"source": "string",
	"sourceRef": "string",
	"stage": "string",
	"status": "string",
	"summary": "string",
	"tags": [
		"string"
	],
	"timeToAcknowledge": 0,
	"timeToDetect": 0,
	"timeToQualify": 0,
	"timeToTriage": 0,
	"title": "string",
	"tlp": 0,
	"tlpLabel": "string",
	"type": "string"
}

Workflow Library Example

Create Alert with Thehive and Send Results Via Email
