TheHive-Project / TheHive

TheHive: a Scalable, Open Source and Free Security Incident Response Platform
https://thehive-project.org
GNU Affero General Public License v3.0

Adjustable severity ratings + ability to add severity ratings #11

Open derDuffy opened 7 years ago

derDuffy commented 7 years ago

Request Type

Feature Request

Description

Adjustable severity types in combination with the ability to add your own severity types would be highly beneficial for the adoption of theHive as an Incident Tracking System. Many organisations rely on incident response processes with defined severity ratings which are more granular than L - M - H, e.g. if mapped to risk management, where it is not uncommon to have 5 severity ratings. Being given the ability to change and/or add severity levels would be highly appreciated.

Complementary information

I'm aware that MISP uses only 4 threat levels (undefined, L, M and H); however, I think from a methodology point of view it is also important to distinguish between the threat as tracked by MISP and the severity of an incident/case as tracked in theHive. A threat with a low threat level, if successful against high value targets, can well lead to a case/incident with very high severity to the business.

saadkadhi commented 7 years ago

The use case is indeed interesting and legitimate.