Actions
Update Alert
Update alert by alert ID.
Basic Parameters
Parameter | Description |
---|---|
Alert ID | The _id of the entity or its ‘name’ (depends of the entity). |
Assignee | The username of the analyst this resource should be assigned to. |
Description | The main detailed description and context for the resource. |
Status | The status of the resource. |
Title | A short, descriptive title for the resource. |
Type | The category or type of the alert. |
Advanced Parameters
Parameter | Description |
---|---|
Add Tags | Those tags will be added to the current alert. |
Custom Fields | Custom fields as an array of objects.For more information about the Custom Fields parameter, visit TheHive API documentation. |
Date | The timestamp (milliseconds epoch) for when the event occurred. Defaults to the time the alert is created if omitted. |
External Link | A URL linking back to the alert or event in the source system. |
Follow | - |
Last Sync Date | - |
PAP | Prioritized Asset Profile, the severity level that is used to indicate the importance of an asset.White: The asset is not critical.Green: The asset is important, but not critical.Amber: The asset is critical.Red: The asset is essential. |
Remove Tags | Those tags will be removed from the current alert. |
Severity | The severity level of the resource. |
Source | The source system or tool that generated the alert. |
Source Ref | The unique identifier for this alert within its original source system. |
Summary | A brief summary of the resource. |
TLP | Traffic Light Protocol, a set of designations used to ensure that sensitive information is shared with the appropriate audience.CLEAR: unlimited formerly.GREEN: community-wide.AMBER: limited distribution.AMBER+STRICT: restricts sharing to the organization only.RED: personal for named recipients only. |
Tags | An array of keywords (tags) as strings to categorize the resource. |
Workflow Library Example
Update Alert with Thehive and Send Results Via Email
Preview this Workflow on desktop