TheHive-Project / TheHive

TheHive: a Scalable, Open Source and Free Security Incident Response Platform
https://thehive-project.org
GNU Affero General Public License v3.0

[Question] #2228

Open fonk0rn opened 2 years ago

fonk0rn commented 2 years ago

Request Type

Question

Work Environment

| Question | Answer |
|---|---|
| OS version (server) | Ubuntu |
| Virtualized Env. | True |
| Dedicated RAM | 48 GB |
| vCPU | 24 |
| TheHive version / git hash | 4.1.11-1 |
| Package Type | Docker |
| Database | Cassandra |
| Index type | Lucene / Elasticsearch |
| Attachments storage | Local |

Question

Hi. One of our SOC analysts deleted a case. Is it possible to restore it, and how can we do this?

Thank you.

jkb-s commented 2 years ago

You can search the cases based on statuses. If it was a soft deletion, then only the status was changed, but the case itself should be in there. If it was a forced deletion, it's gone.

fonk0rn commented 2 years ago

Hi. How can we know whether it was a soft or forced deletion? I checked whether the case exists using the API, and the answer was "Case not found". Does that mean it was a forced delete? Can we configure this somewhere and change the delete mode to "soft"?