TheHive Model Definition#
string: textual data (example "malware").
text: textual data. The difference between
textis in the way content can be searched.
stringis searchable as-is whereas
text, words (token) are searchable, not the whole content (example "Ten users have received this ransomware").
date: date and time using timestamps with milliseconds format.
boolean: true or false
number: numeric value
metrics: JSON object that contains only numbers
Field can be prefixed with
multi- in order to indicate that multiple values can be provided.
All entities share the following attributes:
createdBy (text) : login of the user who created the entity
createdAt (date) : date and time of the creation
updatedBy (text) : login of the user who last updated the entity
upadtedAt (date) : date and time of the last update
user (text) : same value as
createdBy (this field is deprecated)
These attributes are handled by the back-end and can't be directly updated.