[Feature Request] Keep sourceRef with case #744

Closed
zpriddy opened this issue Oct 4, 2018 · 5 comments

zpriddy commented Oct 4, 2018

Request Type

Feature Request

Request

It would be very helpful to keep the sourceRef(s) with the case when an alert is turned into a case. This would be useful in cases where you would like to call a webhook and respond to the service that generated the alert.

For example, if PagerDuty generated an alert with sourceRef = 123abc, when that alert is turned into a case I would like to acknowledge it in PagerDuty, and when it's closed I'd like to resolve it in PagerDuty. However, as soon as the case is created I lose the sourceRef.

Possible Solutions

Store an object in the case of sourceRefs=[{source:sourceRef}], so for example sourceRefs=[{"pagerduty":"123abc"}]

This would work with multiple alerts merged into one case

sourceRefs=[
    {"pagerduty":"123abc"},
    {"pagerduty":"847hfg"},
]

zpriddy commented Oct 6, 2018

With the changes in #687 this is something that might be able to be done with custom fields if we were able to add custom fields into the Alert and have them carry over to the case.


nadouani commented Oct 8, 2018

> With the changes in #687 this is something that might be able to be done with custom fields if we were able to add custom fields into the Alert and have them carry over to the case.

This is possible: when you define a custom field in an alert, it's copied to the case.
If this is not working, please let us know.

I'll close the issue, and please feel free to reopen it if needed.

nadouani closed this as completed Oct 8, 2018

zpriddy commented Oct 9, 2018

> > With the changes in #687 this is something that might be able to be done with custom fields if we were able to add custom fields into the Alert and have them carry over to the case.
>
> This is possible: when you define a custom field in an alert, it's copied to the case.
> If this is not working, please let us know.
>
> I'll close the issue, and please feel free to reopen it if needed.

Yup, that worked! Thanks! There was no API documentation about customFields in alerts and it wasn't in TheHive4py, so I was not aware that this could be done.
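The workaround confirmed above, as an added example that is not part of the thread or TheHive's own code: the alert repeats its sourceRef in a custom field, and a webhook consumer later recovers it from the case to choose the PagerDuty acknowledge or resolve callback. The field name sourceRefs, the {"string": ...} custom-field encoding, the webhook event keys and the comma-separated source:ref packing are all assumptions.

```python
import re

# Assumptions (not from the thread): the field name "sourceRefs", the
# {"string": ...} custom-field encoding, the webhook event keys
# (operation/objectType/object/details) and the "source:ref" CSV packing.
FIELD = "sourceRefs"
ALLOWED_SOURCES = {"pagerduty"}               # only call back known integrations
REF_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")   # refs end up in outbound API calls


def alert_payload(source, source_ref, title):
    """Alert body that repeats source:sourceRef in a custom field."""
    return {
        "type": "external", "source": source, "sourceRef": source_ref,
        "title": title, "description": title,
        "customFields": {FIELD: {"string": f"{source}:{source_ref}"}},
    }


def refs_from_case(case):
    """Recover validated (source, ref) pairs from a case's custom field."""
    raw = (case.get("customFields", {}).get(FIELD) or {}).get("string") or ""
    pairs = []
    for item in raw.split(","):
        source, _, ref = item.strip().partition(":")
        # Alert content is untrusted input: drop unknown sources and odd refs.
        if source in ALLOWED_SOURCES and REF_RE.fullmatch(ref):
            pairs.append((source, ref))
    return pairs


def actions_for_event(event):
    """Map a case webhook event to (source, ref, action) callbacks."""
    if event.get("objectType") != "case":
        return []
    op = event.get("operation")
    closed = (event.get("details") or {}).get("status") == "Resolved"
    if op == "Creation":
        action = "acknowledge"      # alert was turned into a case
    elif op == "Update" and closed:
        action = "resolve"          # case was closed
    else:
        return []
    return [(s, r, action) for s, r in refs_from_case(event.get("object") or {})]


# Constructed sample events, reusing the two refs from the issue text.
CASE = {"customFields": {FIELD: {"string": "pagerduty:123abc,pagerduty:847hfg"}}}
CREATED = {"operation": "Creation", "objectType": "case", "object": CASE, "details": {}}
CLOSED = {"operation": "Update", "objectType": "case", "object": CASE,
          "details": {"status": "Resolved"}}
```

The functions only return the callbacks to make; the actual PagerDuty request is left out.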


zpriddy commented Feb 2, 2019

@nadouani
I was thinking about this the other day in relation to #856.
I feel like the sourceRef should be automatically added into the metadata of the case (even if it is a custom field that is not displayed until defined) just so you can go back and forth with the case <-> alert (and following alert etc.), and I don't think this is something that should have to be done manually for each alert. I was wondering your thoughts on this?


smogm commented Dec 8, 2020

Hello @zpriddy and @nadouani, this may be related to this as well: #1647
