Basic Parameters
| Parameter | Description |
|---|---|
| Assignee | The username of the analyst this resource should be assigned to. |
| Case Name or ID | The name or the ID of the case. |
| Status | The status of the resource. |
| Title | A short, descriptive title for the resource. |
Advanced Parameters
| Parameter | Description |
|---|---|
| Add Tags | Those tags will be added to the current case. |
| Custom Fields | Custom fields as an array of objects. For more information about the Custom Fields parameter, visit TheHive API documentation. |
| Description | The main detailed description and context for the resource. |
| End Date | - |
| Flag | Set to true to visually flag the resource in the user interface for attention. |
| Impact Status | - |
| Observable Rule | - |
| PAP | Prioritized Asset Profile, the severity level that is used to indicate the importance of an asset. White: The asset is not critical. Green: The asset is important, but not critical. Amber: The asset is critical. Red: The asset is essential. |
| Remove Tags | Those tags will be removed from the current case. |
| Severity | The severity level of the resource. |
| Start Date | - |
| Summary | A brief summary of the resource. |
| TLP | Traffic Light Protocol, a set of designations used to ensure that sensitive information is shared with the appropriate audience. CLEAR: unlimited formerly. GREEN: community-wide. AMBER: limited distribution. AMBER+STRICT: restricts sharing to the organization only. RED: personal for named recipients only. |
| Tags | Set the case tags to this array. |
| Task Rule | - |
Workflow Library Example
Update Case with Thehive and Send Results Via Email