Request Type
Feature Request
Work Environment
No specifics apply here.
Problem Description
Like many other "product" teams, we've decided to go with TheHive for a multi-tenancy SIEM project and use it as our main "case management" system receiving (fully custom) alerts from the SIEM. The integration is smooth now, meaning we are able to feed TH with alerts and also collect TH data for later status synchronization.
Now to the problem:
AFAIK, TH provides two main "case statuses": Open (initial) and Resolved (final). When resolving a case, a workflow can easily benefit from the granularity around the existing Resolution statuses: TP, FP, Indeterminate and Other. However, especially for multi-tenant setups and when the end-user (customer) has no access to TH, it would be great if we could have a sort of "intermediate" status between Open (initial, triage phase) and Resolved (final, resolution phase) so that we can easily track when a case is, for instance, "Under 3rd party investigation" or "Escalated to a customer". In other words, TH users need some sort of "Pending" status.
Possible Solutions
IMO, having the ability to handle a single intermediate status would make it. If the user/admin has the ability to set this status "label" (not its internal reference name), that would be super!
Complementary information
As discussed in the forum, please feel free to reach out in case we need to have a call/chat for more details. I'm keen to help and contribute however I can.