Skip to main content
Create case by parameters.

Basic Parameters

ParameterDescription
AssigneeUser to assign the case to.
DescriptionDescription of the case, supports markdown.
StatusThe status of the resource.
TitleA short, descriptive title for the resource.

Advanced Parameters

ParameterDescription
Custom FieldsCustom fields as an array of objects.

For more information about the Custom Fields parameter, visit TheHive API documentation.
End Date-
FlagSet to true to visually flag the resource in the user interface for attention.
Observable Rule-
PAPPrioritized Asset Profile, the severity level that is used to indicate the importance of an asset.

White: The asset is not critical.

Green: The asset is important, but not critical.

Amber: The asset is critical.

Red: The asset is essential.
SeverityThe severity level of the resource.
Start Date-
SummaryA brief summary of the resource.
TLPTraffic Light Protocol, a set of designations used to ensure that sensitive information is shared with the appropriate audience.

CLEAR: unlimited formerly.

GREEN: community-wide.

AMBER: limited distribution.

AMBER+STRICT: restricts sharing to the organization only.

RED: personal for named recipients only.
TagsAn array of keywords (tags) as strings to categorize the resource.
Task Rule-

Example Output

{
	"_createdAt": 1640000000000,
	"_createdBy": "string",
	"_id": "string",
	"_type": "string",
	"_updatedAt": 1640000000000,
	"_updatedBy": "string",
	"alertDate": 1640000000000,
	"alertImportedDate": 1640000000000,
	"alertInProgressDate": 1640000000000,
	"alertNewDate": 1640000000000,
	"assignee": "string",
	"closedDate": 1640000000000,
	"customFields": [
		{
			"_id": "string",
			"name": "string",
			"order": 0,
			"type": "string",
			"value": ""
		}
	],
	"description": "string",
	"endDate": 1640000000000,
	"extraData": {},
	"flag": false,
	"handlingDuration": 0,
	"impactStatus": "string",
	"inProgressDate": 1640000000000,
	"newDate": 1640000000000,
	"number": 0,
	"pap": 0,
	"papLabel": "string",
	"severity": 0,
	"severityLabel": "string",
	"stage": "The value of the stage depends on the status of the case. Can be one of 'New' 'InProgress' or 'Closed'",
	"startDate": 1640000000000,
	"status": "string",
	"summary": "string",
	"tags": [
		"string"
	],
	"timeToAcknowledge": 0,
	"timeToDetect": 0,
	"timeToQualify": 0,
	"timeToResolve": 0,
	"timeToTriage": 0,
	"title": "string",
	"tlp": 0,
	"tlpLabel": "string",
	"userPermissions": [
		"string"
	]
}

Workflow Library Example

Create Case with Thehive and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop