No API Alert documentation

[ST2Labs]

Request Type

Feature Request

Work Environment

Question	Answer
OS version (server)	Ubuntu
OS version (client)	16.04
TheHive version / git hash	2.11.0
Package Type	Binary
Browser type & version	Firefox

Problem Description

I haven't document API to send Alert to Hive | I start to send alerts but if the same Alert repeat obtain this error:

"type":"ConflictError","message":"[alert][d159c8f799206d5fa6eef66f67910e1c]: document already exists","object" ...

Steps to Reproduce

1. Send one Alert
2. Repeat to send Alert
3. Get Error / Not Update working ...

Possible Solutions

How Can I update Alert ? It's possible? What happend if you have Alert waiting to "read" and receive a nother Alert with same "title", "type" etc.. but description body diferrent?

Which is the correct way to send Alert ? I reading https://github.com/CERT-BDF/TheHive4py/blob/master/thehive4py/api.py to "understand API Hive to Alert".

Thanks in advance!

[saadkadhi]

Hi @ST2Labs

Thank you for raising this issue. We are going to produce the missing documentation shortly.

[To-om]

Hi @ST2Labs

I'm writing API documentation for alerts.

When you create an alert, you must set:

• its type (e.g. SIEM, MISP, Mail)
• source which defines the component that send the alert
• sourceRef which is a reference of the source (e.g. mail ID, SIEM alertID, ...)

These 3 attributes must be unique, otherwise TheHive considers that the alert already exists an refuse to create a new one. Maybe you should generate a random reference for sourceRef if you don't have ID for each alert.

[ST2Labs]

¡ Good ! | OK I will try it and feedback the results!

Thanks !

[To-om]

You can find alert API documentation here. It is not complete be there is initial information to create alerts. If you have difficulties with alert API, feel free to reopen this issue, I'll complete documentation with information you need.