Skip to main content

Create Case

Create case by parameters.

Basic Parameters

ParameterDescription
AssigneeUser to assign the case to.
DescriptionDescription of the case, supports markdown.
Status-
Title-

Advanced Parameters

ParameterDescription
Custom Fields-
End Date-
Flag-
Observable Rule-
PAPPrioritized Asset Profile, the severity level that is used to indicate the importance of an asset.

White: The asset is not critical.

Green: The asset is important, but not critical.

Amber: The asset is critical.

Red: The asset is essential.
Severity-
Start Date-
Summary-
TLPTraffic Light Protocol, a set of designations used to ensure that sensitive information is shared with the appropriate audience.

CLEAR: unlimited formerly.

GREEN: community-wide.

AMBER: limited distribution.

AMBER+STRICT: restricts sharing to the organization only.

RED: personal for named recipients only.
Tags-
Task Rule-

Example Output

{
    "_createdAt": 1640000000000,
    "_createdBy": "string",
    "_id": "string",
    "_type": "string",
    "_updatedAt": 1640000000000,
    "_updatedBy": "string",
    "alertDate": 1640000000000,
    "alertImportedDate": 1640000000000,
    "alertInProgressDate": 1640000000000,
    "alertNewDate": 1640000000000,
    "assignee": "string",
    "closedDate": 1640000000000,
    "customFields": [
        {
            "_id": "string",
            "name": "string",
            "order": 0,
            "type": "string",
            "value": ""
        }
    ],
    "description": "string",
    "endDate": 1640000000000,
    "extraData": {},
    "flag": false,
    "handlingDuration": 0,
    "impactStatus": "string",
    "inProgressDate": 1640000000000,
    "newDate": 1640000000000,
    "number": 0,
    "pap": 0,
    "papLabel": "string",
    "severity": 0,
    "severityLabel": "string",
    "stage": "The value of the stage depends on the status of the case. Can be one of 'New' 'InProgress' or 'Closed'",
    "startDate": 1640000000000,
    "status": "string",
    "summary": "string",
    "tags": [
        "string"
    ],
    "timeToAcknowledge": 0,
    "timeToDetect": 0,
    "timeToQualify": 0,
    "timeToResolve": 0,
    "timeToTriage": 0,
    "title": "string",
    "tlp": 0,
    "tlpLabel": "string",
    "userPermissions": [
        "string"
    ]
}

Workflow Library Example

Create Case with Thehive and Send Results Via Email

Workflow LibraryPreview this Workflow on desktop