/**
 * Parameter shape of the TheHive node as listed on this page.
 *
 * Every member is optional, so the type itself does not force a caller to set
 * any field, including the sharing marking (`tlp`) and `severity`. The defaults
 * quoted in the comments below are taken from the page's property descriptions,
 * not from this declaration.
 */
interface TheHiveNodeParameters {
additionalFields?:
| {
caseTemplate?: string;
// Typed as a plain string: nothing in this declaration constrains it to
// well-formed JSON, so the content has to be validated where it is consumed.
customFieldsJson?: string;
customFieldsUi?: {
customFields: { field?: string; value?: string }[];
};
}
| { caseTemplate?: string };
/**
 * Analyzer IDs, chosen from a list or given by an expression. Default: [].
 * The page lists the options loader as "loadAnalyzers", depending on `id` and `dataType`.
 */
analyzers?: unknown[];
/** Artifact attributes; the page marks this as multi-valued. Default: {}. */
artifactUi?: {
artifactValues: {
binaryProperty?: string;
data?: string;
dataType?: string;
message?: string;
tags?: string;
}[];
};
/** Name of the input binary field that represents the attachment file. Default: "data". */
binaryProperty?: string;
caseId?: string;
data?: string;
/** Observable type, chosen from a list or given by an expression (options loader "loadObservableTypes"). */
dataType?: string;
/** Date and time when the alert was raised; the page states default=now. */
date?: string;
/** Description of the alert. */
description?: string;
/**
 * Search filters. Default: {}.
 * The union has four object shapes; which resource each one belongs to is not
 * stated in this declaration, so the branch notes below are hedged.
 */
// NOTE(review): first branch looks alert-related (follow, title, tlp) — confirm.
filters?: | {
customFieldsUi?: {
customFields: { field?: string; value?: string }[];
};
description?: string;
follow?: boolean;
severity?: 1
| 3
| 2;
tags?: string;
title?: string;
tlp?: 0 | 1 | 3 | 2;
}
// NOTE(review): second branch looks observable-related (ioc, sighted, dataType) — confirm.
| {
data?: string;
dataType?: unknown[];
description?: string;
ioc?: boolean;
keyword?: string;
message?: string;
range?: {
dateRange: { fromDate?: string; toDate?: string };
};
sighted?: boolean;
// Capitalised key: every other status member in this interface is spelled `status`.
Status?: "Ok"
| "Deleted";
tags?: string;
tlp?: 0 | 1 | 3 | 2;
}
// NOTE(review): third branch looks case-related (impactStatus, resolutionStatus) — confirm.
| {
customFieldsUi?: {
customFields: { field?: string; value?: string }[];
};
description?: string;
endDate?: string;
flag?: boolean;
impactStatus?: | "NoImpact"
| "WithImpact"
| "NotApplicable";
owner?: string;
// The filter literals are "False Positive" / "True Positive" (with a space),
// while updateFields.resolutionStatus further down uses "FalsePositive" /
// "TruePositive"; the two unions are not interchangeable.
resolutionStatus?: | "Other"
| "Duplicated"
| "Indeterminate"
| "False Positive"
| "True Positive";
severity?: 1
| 3
| 2;
startDate?: string;
status?: "Open" | "Deleted" | "Resolved";
summary?: string;
tags?: string;
title?: string;
tlp?: 0 | 1 | 3 | 2;
}
// NOTE(review): fourth branch looks task-related (Waiting / InProgress / Completed) — confirm.
| {
description?: string;
endDate?: string;
flag?: boolean;
owner?: string;
startDate?: string;
status?: | "Completed"
| "Waiting"
| "InProgress"
| "Cancel";
title?: string;
};
/** Flag of the case; the page states default=false. */
flag?: boolean;
/** Whether the alert becomes active when updated. Default: true. */
follow?: boolean;
// NOTE(review): the page's description for this member reads "Title of the
// alert", which looks copied from `title`; presumably this is an identifier — confirm.
id?: string;
/** Whether the observable is an IOC (indicator of compromise). */
ioc?: boolean;
/** Default: true. */
jsonParameters?: boolean;
/** Maximum number of results to return. Default: 100; the page lists minValue 1 and maxValue 500. */
limit?: number;
/** Description of the observable in the context of the case. */
message?: string;
/** Operation to run, chosen from a list or given by an expression. Default: "create" (options loader "loadAlertOptions"). */
operation?: string;
/** Per-operation options. Default: {}. */
options?: | { sort?: string }
| { includeSimilar?: boolean }
| { tags?: string }
| {
customFieldsJson?: string;
customFieldsUi?: {
customFields: { field?: string; value?: string }[];
};
endDate?: string;
metrics?: string;
summary?: string;
}
| {
description?: string;
endDate?: string;
owner?: string;
startDate?: string;
}
| {
attachmentValues?: {
attachmentValues: { binaryProperty?: string };
};
};
owner?: string;
/** Resource the node operates on. Default: "alert". */
resource?: | "task"
| "case"
| "log"
| "alert"
| "observable";
/** Responder, chosen from a list or given by an expression (options loader "loadResponders", depending on `id`). */
responder?: string;
/** Whether to return all results or only up to the given limit. */
returnAll?: boolean;
/**
 * Severity of the alert. Default: 2, which the page names Medium.
 * The meaning of 1 and 3 is not stated on the page (presumably Low and High — confirm).
 */
severity?: 1
| 3
| 2;
/** Whether sighted previously. */
sighted?: boolean;
/** Source of the alert. */
source?: string;
/** Source reference of the alert. */
sourceRef?: string;
/** Date and time of the beginning of the case; the page states default=now. */
startDate?: string;
/** Status of the alert. Default: "New". */
// NOTE(review): this union mixes literals that also appear in the nested status
// unions of this interface, but it does not contain "Open" or "Resolved",
// which the nested branch with impactStatus lists — confirm this is intended.
status?:
| "Completed"
| "New"
| "Updated"
| "Ignored"
| "Imported"
| "Ok"
| "Deleted"
| "Waiting"
| "InProgress"
| "Cancel";
// NOTE(review): the page shows the text "Case Tags" near this member without a
// signature line; presumably it is this member's description — confirm.
tags?: string;
/** ID of the task. */
taskId?: string;
/** Title of the alert. */
title?: string;
/**
 * Traffic Light Protocol (TLP) marking. Default: 2, which the page names Amber.
 * The meaning of 0, 1 and 3 is not stated on the page (presumably White, Green
 * and Red — confirm). Because the member is optional, an omitted value falls
 * back to the default rather than being rejected by the type.
 */
tlp?: 0
| 1
| 3
| 2;
/** Type of the alert. */
type?: string;
/**
 * Fields to change on update. Default: {}.
 * Four object shapes, in the same apparent order as `filters` (alert-like,
 * observable-like, case-like, task-like) — NOTE(review): confirm the mapping.
 */
updateFields?:
| {
artifactUi?: {
artifactValues: {
binaryProperty?: string;
data?: string;
dataType?: string;
message?: string;
tags?: string;
}[];
};
caseTemplate?: string;
customFieldsJson?: string;
customFieldsUi?: {
customFields: { field?: string; value?: string }[];
};
description?: string;
follow?: boolean;
severity?: 1
| 3
| 2;
status?: "New" | "Updated" | "Ignored" | "Imported";
tags?: string;
title?: string;
tlp?: 0 | 1 | 3 | 2;
}
| {
ioc?: boolean;
message?: string;
sighted?: boolean;
status?: "Ok"
| "Deleted";
tags?: string;
tlp?: 0 | 1 | 3 | 2;
}
| {
customFieldsJson?: string;
customFieldsUi?: {
customFields: { field?: string; value?: string }[];
};
description?: string;
endDate?: string;
flag?: boolean;
impactStatus?: | "NoImpact"
| "WithImpact"
| "NotApplicable";
metrics?: string;
owner?: string;
// Spelled without a space here ("FalsePositive" / "TruePositive"), unlike the
// "False Positive" / "True Positive" literals in filters.resolutionStatus.
resolutionStatus?: | "Other"
| "Duplicated"
| "FalsePositive"
| "Indeterminate"
| "TruePositive";
severity?: 1
| 3
| 2;
startDate?: string;
status?: "Open" | "Deleted" | "Resolved";
summary?: string;
tags?: string;
title?: string;
tlp?: 0 | 1 | 3 | 2;
}
| {
description?: string;
endDate?: string;
flag?: boolean;
owner?: string;
startDate?: string;
status?: | "Completed"
| "Waiting"
| "InProgress"
| "Cancel";
title?: string;
};
}Properties§
readonly additionalFields?:
| {
caseTemplate?: string;
customFieldsJson?: string;
customFieldsUi?: {
customFields: { field?: string; value?: string }[];
};
}
| { caseTemplate?: string }
readonly analyzers?: unknown[]
Choose from the list, or specify IDs using an expression. Default: []. Type options: {"loadOptionsDependsOn":["id","dataType"],"loadOptionsMethod":"loadAnalyzers"}
readonly artifactUi?: { ... }
Artifact attributes. Default: {}. Type options: {"multipleValues":true}
readonly binaryProperty?: string
The name of the input binary field that represents the attachment file. Default: "data"
readonly caseId?: string
readonly data?: string
readonly dataType?: string
Choose from the list, or specify an ID using an expression. Type options: {"loadOptionsMethod":"loadObservableTypes"}
readonly date?: string
Date and time when the alert was raised. default=now
readonly description?: string
Description of the alert
readonly filters?:
| {
customFieldsUi?: {
customFields: { field?: string; value?: string }[];
};
description?: string;
follow?: boolean;
severity?: 1
| 3
| 2;
tags?: string;
title?: string;
tlp?: 0 | 1 | 3 | 2;
}
| {
data?: string;
dataType?: unknown[];
description?: string;
ioc?: boolean;
keyword?: string;
message?: string;
range?: {
dateRange: { fromDate?: string; toDate?: string };
};
sighted?: boolean;
Status?: "Ok"
| "Deleted";
tags?: string;
tlp?: 0 | 1 | 3 | 2;
}
| {
customFieldsUi?: {
customFields: { field?: string; value?: string }[];
};
description?: string;
endDate?: string;
flag?: boolean;
impactStatus?: | "NoImpact"
| "WithImpact"
| "NotApplicable";
owner?: string;
resolutionStatus?: | "Other"
| "Duplicated"
| "Indeterminate"
| "False Positive"
| "True Positive";
severity?: 1
| 3
| 2;
startDate?: string;
status?: "Open" | "Deleted" | "Resolved";
summary?: string;
tags?: string;
title?: string;
tlp?: 0 | 1 | 3 | 2;
}
| {
description?: string;
endDate?: string;
flag?: boolean;
owner?: string;
startDate?: string;
status?: | "Completed"
| "Waiting"
| "InProgress"
| "Cancel";
title?: string;
}
Default: {}
readonly flag?: boolean
Flag of the case. default=false
readonly follow?: boolean
Whether the alert becomes active when updated. default=true. Default: true
readonly id?: string
Title of the alert
readonly ioc?: boolean
Whether the observable is an IOC (Indicator of compromise)
readonly jsonParameters?: boolean
Default: true
readonly limit?: number
Max number of results to return. Default: 100. Type options: {"minValue":1,"maxValue":500}
readonly message?: string
Description of the observable in the context of the case
readonly operation?: string
Choose from the list, or specify an ID using an expression. Default: "create". Type options: {"loadOptionsMethod":"loadAlertOptions"}
readonly options?:
| { sort?: string }
| { includeSimilar?: boolean }
| { tags?: string }
| {
customFieldsJson?: string;
customFieldsUi?: {
customFields: { field?: string; value?: string }[];
};
endDate?: string;
metrics?: string;
summary?: string;
}
| {
description?: string;
endDate?: string;
owner?: string;
startDate?: string;
}
| {
attachmentValues?: {
attachmentValues: { binaryProperty?: string };
};
}
Default: {}
readonly owner?: string
readonly resource?: "task" | "case" | "log" | "alert" | "observable"
Default: "alert"
readonly responder?: string
Choose from the list, or specify an ID using an expression. Type options: {"loadOptionsDependsOn":["id"],"loadOptionsMethod":"loadResponders"}
readonly returnAll?: boolean
Whether to return all results or only up to a given limit
readonly severity?: 1 | 3 | 2
Severity of the alert. Default=Medium. Default: 2
readonly sighted?: boolean
Whether sighted previously
readonly source?: string
Source of the alert
readonly sourceRef?: string
Source reference of the alert
readonly startDate?: string
Date and time of the beginning of the case. default=now
readonly status?:
| "Completed"
| "New"
| "Updated"
| "Ignored"
| "Imported"
| "Ok"
| "Deleted"
| "Waiting"
| "InProgress"
| "Cancel"
Status of the alert. Default: "New"
Case Tags
readonly taskId?: string
ID of the task
readonly title?: string
Title of the alert
readonly tlp?: 0 | 1 | 3 | 2
Traffic Light Protocol (TLP). Default=Amber. Default: 2
readonly type?: string
Type of the alert
readonly updateFields?:
| {
artifactUi?: {
artifactValues: {
binaryProperty?: string;
data?: string;
dataType?: string;
message?: string;
tags?: string;
}[];
};
caseTemplate?: string;
customFieldsJson?: string;
customFieldsUi?: {
customFields: { field?: string; value?: string }[];
};
description?: string;
follow?: boolean;
severity?: 1
| 3
| 2;
status?: "New" | "Updated" | "Ignored" | "Imported";
tags?: string;
title?: string;
tlp?: 0 | 1 | 3 | 2;
}
| {
ioc?: boolean;
message?: string;
sighted?: boolean;
status?: "Ok"
| "Deleted";
tags?: string;
tlp?: 0 | 1 | 3 | 2;
}
| {
customFieldsJson?: string;
customFieldsUi?: {
customFields: { field?: string; value?: string }[];
};
description?: string;
endDate?: string;
flag?: boolean;
impactStatus?: | "NoImpact"
| "WithImpact"
| "NotApplicable";
metrics?: string;
owner?: string;
resolutionStatus?: | "Other"
| "Duplicated"
| "FalsePositive"
| "Indeterminate"
| "TruePositive";
severity?: 1
| 3
| 2;
startDate?: string;
status?: "Open" | "Deleted" | "Resolved";
summary?: string;
tags?: string;
title?: string;
tlp?: 0 | 1 | 3 | 2;
}
| {
description?: string;
endDate?: string;
flag?: boolean;
owner?: string;
startDate?: string;
status?: | "Completed"
| "Waiting"
| "InProgress"
| "Cancel";
title?: string;
}
Default: {}
Default: {}