TheHive-Project / TheHive

TheHive: a Scalable, Open Source and Free Security Incident Response Platform
https://thehive-project.org
GNU Affero General Public License v3.0

Do we have logic to stop creating duplicate cases triggering from same source? #1337

Open dibas830 opened 4 years ago

dibas830 commented 4 years ago

Do we have logic/code to know whether a case is a duplicate? I am facing an issue with duplicate cases coming from the same source. I am doing the automation via the API with Python.

In our automation code, we have integrated CrowdStrike with TheHive. Here, when any "detection" is found, the code is triggered and TheHive creates a case. When we trigger the same code again, it creates a duplicate case for the same "detection" from CrowdStrike. What I mean is that for a single "detection" we can create multiple cases which are duplicates. Do we have logic to know whether a case is a duplicate?

crackytsi commented 4 years ago

Hi, actually there is a feature that makes alerts unique. For cases this does not exist, but it should not be needed if you create alerts in TheHive instead. Can you create alerts instead?

dibas830 commented 4 years ago

> Hi, actually there is a feature that makes alerts unique. For cases this does not exist, but it should not be needed if you create alerts in TheHive instead. Can you create alerts instead?

We are done with alerts and we are getting unique alerts as well. Meanwhile, we were trying to convert an alert to a case in TheHive, but after the conversion we are not getting tasks in the converted case. Could you please let us know how we can create tasks for it?

crackytsi commented 4 years ago

> We are done with alerts and we are getting unique alerts as well. Meanwhile, we were trying to convert an alert to a case in TheHive, but after the conversion we are not getting tasks in the converted case. Could you please let us know how we can create tasks for it?

Sorry, I don't understand the relation to "duplicate cases". In my opinion, if the incoming alert is unique, this already ensures that there is no duplicate case for an alert. Regarding tasks: if you import an alert you can choose a template, and the alert is imported based on it. The template could have several tasks.

If I don't get the point, it might be that others also don't get it. So please try to describe it more precisely ;)
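The two points raised in this thread (alert uniqueness as the de-duplication mechanism, and a case template as the way to get tasks into the case an alert is promoted to) together describe one automation flow. The following is an added example of that flow, not code from TheHive or from the thread participants. It assumes the TheHive 3.x REST API (`POST /api/alert`, which enforces uniqueness on the `type` + `source` + `sourceRef` triplet, and `POST /api/alert/{id}/createCase`, whose body may name a `caseTemplate`); the exact HTTP status TheHive returns for an existing triplet is treated as an assumption. The server URL, API key, template name and the CrowdStrike detection record are constructed placeholders. The key idea is that `sourceRef` is derived deterministically from the vendor's detection id, so running the automation twice on the same detection produces the same triplet and the second alert is rejected instead of becoming a second case.

```python
"""De-duplicated TheHive alerts from CrowdStrike detections, promoted to cases
with a task-bearing case template.

Added example, not TheHive's own code. Assumes the TheHive 3.x REST API:
  POST /api/alert                  -> uniqueness on (type, source, sourceRef)
  POST /api/alert/{id}/createCase  -> body may carry {"caseTemplate": name}
All URLs, keys, template names and the sample detection are constructed.
"""
import hashlib
import json
import urllib.error
import urllib.request
from typing import Dict, Tuple

THEHIVE_URL = "http://thehive.example.internal:9000"  # placeholder
API_KEY = "REPLACE_WITH_API_KEY"                        # placeholder
CASE_TEMPLATE = "crowdstrike-detection"                 # hypothetical template that defines tasks

# Constructed sample of the fields this example reads from a CrowdStrike detection.
SAMPLE_DETECTION = {
    "detection_id": "ldt:0123456789abcdef:4242",
    "device": {"hostname": "WS-0042"},
    "behaviors": [{"tactic": "Execution", "technique": "PowerShell"}],
    "max_severity_displayname": "High",
}

# Map CrowdStrike severity labels onto TheHive's 1..4 severity scale.
SEVERITY = {"Low": 1, "Medium": 2, "High": 3, "Critical": 4}


def source_ref(detection: Dict) -> str:
    """Deterministic reference for one detection.

    Re-running on the same detection yields the same value, so TheHive rejects the
    second alert rather than creating a duplicate. Hashing keeps the ref short and
    independent of the vendor's id format.
    """
    return hashlib.sha256(detection["detection_id"].encode()).hexdigest()[:16]


def build_alert(detection: Dict, case_template: str = CASE_TEMPLATE) -> Dict:
    """Alert payload whose (type, source, sourceRef) triplet is stable per detection."""
    host = detection["device"]["hostname"]
    techniques = sorted({b["technique"] for b in detection.get("behaviors", [])})
    return {
        "title": f"CrowdStrike detection on {host}",
        "description": "Techniques: " + ", ".join(techniques),
        "type": "detection",
        "source": "crowdstrike",
        "sourceRef": source_ref(detection),
        "severity": SEVERITY.get(detection.get("max_severity_displayname"), 2),
        "tlp": 2,
        "tags": ["crowdstrike"] + [f"technique:{t}" for t in techniques],
        "caseTemplate": case_template,  # promotion then inherits the template's tasks
        "artifacts": [{"dataType": "hostname", "data": host, "tags": ["crowdstrike"]}],
    }


def _post(path: str, body: Dict) -> Tuple[int, Dict]:
    """POST JSON to TheHive and return (status, parsed body) without raising on 4xx."""
    req = urllib.request.Request(
        THEHIVE_URL + path,
        data=json.dumps(body).encode(),
        headers={"Authorization": f"Bearer {API_KEY}", "Content-Type": "application/json"},
        method="POST",
    )
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.loads(resp.read() or b"{}")
    except urllib.error.HTTPError as err:
        return err.code, json.loads(err.read() or b"{}")


def create_alert(alert: Dict):
    """Return the new alert id, or None when the triplet already exists.

    Assumption: TheHive answers an existing (type, source, sourceRef) with a
    400 or 409; anything else unexpected is raised.
    """
    status, body = _post("/api/alert", alert)
    if status == 201:
        return body["id"]
    if status in (400, 409):
        return None  # duplicate detection: nothing to create
    raise RuntimeError(f"alert creation failed: {status} {body}")


def promote_to_case(alert_id: str, case_template: str = CASE_TEMPLATE) -> Dict:
    """Promote an alert to a case; the template supplies the case's tasks."""
    status, body = _post(f"/api/alert/{alert_id}/createCase", {"caseTemplate": case_template})
    if status != 201:
        raise RuntimeError(f"promotion failed: {status} {body}")
    return body


def handle_detection(detection: Dict):
    """Idempotent entry point: one detection yields at most one alert and one case."""
    alert_id = create_alert(build_alert(detection))
    return promote_to_case(alert_id) if alert_id else None


if __name__ == "__main__":
    print(json.dumps(build_alert(SAMPLE_DETECTION), indent=2))
```

Running the module prints the alert payload for the sample detection; `handle_detection` is the function a scheduled job would call, and calling it twice for the same detection creates a single case because the second `create_alert` returns `None`.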