OpenCTI-Platform
Custom fields and templates in Cases and Incidents
Use case
In incident management it is essential to be able to create custom fields for each type of incident, allowing searches for any of them and also using them to create personalized dashboards.
Current Workaround
The only workaround is to use the system's predefined fields or relationships with other entities or objects, and put those fields that do not fit in the description or as notes or labels.
Proposed Solution
Use a similar strategy to TheHive with custom fields for alerts and cases, where you can add the fields you need to each template of a case type. Additionally, when promoting an alert to a case, custom fields are maintained.
Custom fields that can depend on others and be able to customize the design of the templates for each case would also be interesting.
Additional Information
- Custom fields in TheHive: https://docs.strangebee.com/thehive/administration/custom-fields/
- Case templates in TheHive: https://docs.strangebee.com/thehive/user-guides/organisation/templates/case-templates/#new-case-template
- Conditional custom fields in Catalyst SOAR: https://catalyst-soar.com/features/#conditional-custom-fields
- Custom fields in Cortex XSOAR: https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8/Cortex-XSOAR-Administrator-Guide/Create-a-Custom-Incident-Field
- Custom incident layouts in Cortex XSOAR: https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8/Cortex-XSOAR-Administrator-Guide/Customize-Incident-Layouts
If the feature request is approved, would you be willing to submit a PR?
No, it is not a simple development.
