It is not possible to edit the software (from the user perspective) in such a manner at this time, but we are looking to improve the data and formatting provided to the case in the future (ex. source.ip, destination.ip, hashes as tags/observables).
I am building integrations between The Hive and additional alerting tools that I have within my environment. Ultimately, my goal is to click on the Escalate button to bring the alert to The Hive, which would then bring the alert to various other tools in my enterprise to provide awareness of the escalation to additional team members.
Unfortunately, by default The Hive only displays the Suricata Alert Name itself and the "Message" field within the Alert, which is a bit difficult to read through for my analysts that receive many alerts each day. I am looking to customize which specific Suricata fields I am interested in having The Hive display so that I can integrate those fields to be displayed within my other integrated tools. For example, the Observer.Name is not listed at all, and it would be nice to parse out the Source.IP and Destination.IP fields so they are individually displayed rather than having to be found within the overall Description.
I have been able to identify the JSON file that I believe is referencing the fields that are all encompassed within the Description that is displayed within The Hive, as seen in the screenshot below.
I have also been able to capture the POST request that I believe sends those various fields into the Description via the Escalate button using the /api/case endpoint.

My question is the following:
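The transformation the question is after (pulling individual Suricata fields such as observer name, source IP and destination IP out of the alert so they can be shown and forwarded separately, rather than buried in the Description) can be done as a preprocessing step outside the product. The following is an added example written for this thread; it is not code from the discussion or from the TheHive or Suricata projects. It reads a Suricata EVE JSON alert record (the EVE field names `src_ip`, `dest_ip`, `proto` and `alert.signature` are Suricata's own; the `host` field standing in for the observer name, and the TheHive case/observable field names `title`, `description`, `severity`, `tags`, `dataType`, `data`, `message` and the severity mapping are assumptions to check against your TheHive version's API documentation before sending anything to /api/case). The sample alert record is constructed for the example.

```python
import json
from typing import Optional

# Constructed sample EVE record (not from the thread). Field names follow
# Suricata's EVE JSON alert format; "host" is the sensor name Suricata adds
# when sensor-name is configured (assumption: that is the "observer" value).
SAMPLE_EVE_ALERT = json.dumps({
    "timestamp": "2024-01-01T12:00:00.000000+0000",
    "event_type": "alert",
    "host": "sensor-01",
    "src_ip": "10.0.0.5",
    "src_port": 51234,
    "dest_ip": "203.0.113.7",
    "dest_port": 80,
    "proto": "TCP",
    "alert": {
        "signature_id": 1000001,
        "signature": "LOCAL example test alert",
        "category": "Potentially Bad Traffic",
        "severity": 2,
    },
})


def parse_eve_alert(line: str) -> Optional[dict]:
    """Return the decoded EVE record if it is an alert event, else None.

    EVE logs carry many event types (flow, dns, http, ...); only alerts
    should ever be turned into cases, and malformed lines are skipped."""
    try:
        rec = json.loads(line)
    except json.JSONDecodeError:
        return None
    if not isinstance(rec, dict) or rec.get("event_type") != "alert":
        return None
    return rec


def alert_observables(rec: dict) -> list:
    """Extract source/destination IPs as separate observables.

    Assumed observable shape: {"dataType", "data", "message"}. Alerts that
    lack a field (e.g. no dest_ip) simply yield fewer observables rather
    than an empty or invalid one."""
    wanted = (("src_ip", "source.ip"), ("dest_ip", "destination.ip"))
    obs = []
    for key, label in wanted:
        value = rec.get(key)
        if value:
            obs.append({"dataType": "ip", "data": value, "message": label})
    return obs


def build_case_payload(rec: dict) -> dict:
    """Build a case body with the chosen fields laid out as a table and
    repeated as tags, so downstream tools can read them without parsing
    the free-text Description."""
    alert = rec.get("alert", {})
    observer = rec.get("host", "unknown-sensor")
    # Suricata severity: 1 = high ... 3 = low. Assumed TheHive severity:
    # 1 = low ... 3 = high. Clamp, then invert.
    suricata_sev = min(max(int(alert.get("severity", 3)), 1), 3)
    severity = 4 - suricata_sev
    rows = [
        ("observer.name", observer),
        ("source.ip", rec.get("src_ip", "-")),
        ("source.port", rec.get("src_port", "-")),
        ("destination.ip", rec.get("dest_ip", "-")),
        ("destination.port", rec.get("dest_port", "-")),
        ("network.transport", rec.get("proto", "-")),
        ("rule.id", alert.get("signature_id", "-")),
        ("rule.category", alert.get("category", "-")),
    ]
    description = "| field | value |\n|---|---|\n" + "\n".join(
        f"| {k} | {v} |" for k, v in rows
    )
    observables = alert_observables(rec)
    tags = [f"observer:{observer}", f"sid:{alert.get('signature_id', 'unknown')}"]
    tags += [f"{o['message']}:{o['data']}" for o in observables]
    return {
        "title": alert.get("signature", "Suricata alert"),
        "description": description,
        "severity": severity,
        "tags": tags,
        "observables": observables,
    }


if __name__ == "__main__":
    record = parse_eve_alert(SAMPLE_EVE_ALERT)
    print(json.dumps(build_case_payload(record), indent=2))
```

The `observables` list is kept separate from the case body because, in the thread's own terms, the goal is to have each field "individually displayed" and passed on to other tools; how those observables are attached to a case (a second request, a different endpoint) depends on the TheHive version in use and is deliberately left out here.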