
Custom severity levels for alerts and cases #363

Closed
woifi opened this issue Nov 3, 2017 · 12 comments
Labels
core feature request priority:medium Medium priority TheHive4 TheHive4 related issues
Comments

@woifi

woifi commented Nov 3, 2017

Request Type

Feature Request

Problem Description

Currently, the severity level of alerts and cases is hardcoded to the values Low, Medium and High. We would love to have these customizable because our current SOC processes support more than those three values (i.e. there is also "Info only" and "Critical").

@saadkadhi saadkadhi added this to the 3.1.0 milestone Nov 6, 2017
@Viper896

+1, we have a P0-P3 scheme and would like the additional support for defining custom severity/priority levels.

@nadouani nadouani changed the title [Feature Request] - Custom severity levels for alerts and cases Custom severity levels for alerts and cases Nov 22, 2017
@frikky

frikky commented Dec 5, 2017

We also need custom / more severity levels 👍

@infsy

infsy commented Dec 7, 2017

Same for us!

@francoisihry

Custom severity 👍
Interested in that feature too.

@francoisihry

I think allowing users to display their own metrics in the cases list and allowing them to sort the cases by those metrics would fix the need just fine.

@InTheWoodsAutomation

Is being able to customize severity levels still being pursued?

@inodee

inodee commented Mar 4, 2019

Yes, please!

@flyuk

flyuk commented Nov 21, 2019

This would be great!

@zpriddy

zpriddy commented Dec 5, 2019

#939 adds Critical severity :)

@jeromeleonard jeromeleonard added core feature request priority:medium Medium priority TheHive4 TheHive4 related issues labels Mar 11, 2020
@nadouani

4.0.0-RC1 has already added a Critical severity. I don't think an Info severity is meaningful.

Any thoughts?

@nadouani nadouani added this to the 4.0.0-RC2 milestone Mar 17, 2020
@crackytsi

I think introducing Critical as a 4th severity is very helpful.
Thanks a lot for that.
But I think we should not have too many severities; for me personally, 4 are fully enough.

@To-om To-om closed this as completed May 5, 2020
@hkelley

hkelley commented Mar 6, 2021

I know this issue has been closed but I would still like to be able to customize the labels (four are enough).

Our workflow is this:

  • Hive Alerts that cannot be immediately closed (we would really like to require a comment/explanation when closing an alert) become Cases. In our IR scale, these Cases should be graded as "Events" (lowest level, not yet an Incident). We open a case because more investigation is required, but we do not yet call it a true Incident because we don't yet know if any security controls were evaded or any harm was done.
  • If the facts warrant, the Event becomes a Low, Medium, or High severity Incident (at which point, the ears of auditors, lawyers, and execs perk up a bit).

I think that being able to make the names/labels match the different organizational vocabularies and cultures is fairly important when talking about incident response.
