OpenCTI-Platform / opencti

Open Cyber Threat Intelligence Platform
https://opencti.io

Case management: Have a resolution custom field #6793

Open nino-filigran opened 2 months ago

nino-filigran commented 2 months ago

Use case

Like Jira or other ticketing tools, have a resolution field that must become mandatory only when closing the case, with some custom values, taken from an openVocab.

nino-filigran commented 2 months ago

Linked to: https://github.com/OpenCTI-Platform/opencti/issues/6177

jmbodelon commented 1 month ago

Hi!

To add context, for example in TheHive the case closure window has the following mandatory fields:

Use case example:

image

The custom field "MDE Determination" is one that we use specifically for cases created using a custom template for "Microsoft Defender for Endpoint" (for cases of other types we use other templates with other fields). Once the analyst closes the case in TheHive by completing those values, a webhook is triggered providing which specific fields changed and their values (in JSON format with all the information of the entire case), being able to automate the closing of the alert also in the console of Microsoft Defender with the relevant information.