Update alert by alert ID.

Basic Parameters

| Parameter | Description |
| --- | --- |
| Alert ID | The _id of the entity or its ‘name’ (depends on the entity). |
| Assignee | The username of the analyst this resource should be assigned to. |
| Description | The main detailed description and context for the resource. |
| Status | The status of the resource. |
| Title | A short, descriptive title for the resource. |
| Type | The category or type of the alert. |

Advanced Parameters

| Parameter | Description |
| --- | --- |
| Add Tags | These tags will be added to the current alert. |
| Custom Fields | Custom fields as an array of objects. For more information about the Custom Fields parameter, visit TheHive API documentation. |
| Date | The timestamp (milliseconds epoch) for when the event occurred. Defaults to the time the alert is created if omitted. |
| External Link | A URL linking back to the alert or event in the source system. |
| Follow | - |
| Last Sync Date | - |
| PAP | Prioritized Asset Profile, the severity level that is used to indicate the importance of an asset. White: The asset is not critical. Green: The asset is important, but not critical. Amber: The asset is critical. Red: The asset is essential. |
| Remove Tags | These tags will be removed from the current alert. |
| Severity | The severity level of the resource. |
| Source | The source system or tool that generated the alert. |
| Source Ref | The unique identifier for this alert within its original source system. |
| Summary | A brief summary of the resource. |
| TLP | Traffic Light Protocol, a set of designations used to ensure that sensitive information is shared with the appropriate audience. CLEAR: unlimited formerly. GREEN: community-wide. AMBER: limited distribution. AMBER+STRICT: restricts sharing to the organization only. RED: personal for named recipients only. |
| Tags | An array of keywords (tags) as strings to categorize the resource. |

Workflow Library Example

Update Alert with Thehive and Send Results Via Email
