Custom Fields
Admins can create various types of custom fields such as text boxes, multi-select, and single-select, and map them to alert categories. Custom fields appear while creating alerts, in the threat intel submission form, or in the Request for Information form of the CSAP Member Portal.
Analysts can use custom fields to add additional information that may not be included in the standard form. For example, configure and use a custom field Vulnerability Discovered Year in RFI to include additional information such as the year of discovery for a vulnerability.
Before you Start
You must have the View and Create/Update permissions for the Settings module.
Note
If you want to search for a custom field in a specific module, click the Filter icon to open the search field and enter your query into the Search bar.
Create a Custom Field
To create a custom field, do the following.
Navigate to Settings > Field Management > Custom Fields
Select Alert, Intel & RFI and click Create
Enter the name of the field. For example, IP Address.
Select where to use the custom field.
Enable the Alert option for the required fields, assign the field to an alert category, and use the field in the alert content.
When you select a category for the alert, the single select fields assigned to the category display automatically in the Additional section of the alert creation form. For example, you can assign the IP Address field to the Phishing Attack category to allow analysts to add malicious IP details when sharing Phishing Attack alerts.
Enable Intel for the required single select field to display it in the CSAP Member Portal threat intel submission form.
Enable RFI to display the required field in CSAP Member Portal Request For Intel submission form. These fields appear in the Additional section of the RFI submission form.
Enable Show in webapp filters for the required field to allow members to use the single select field as a search filter and find alerts on the CSAP Member Portal. This feature is available for single-select and multi-select fields.
Select a field type. For example, Text.
Use the text field to allow users to enter text characters.
Use the text box users to allow users to enter text characters in a WYSIWYG editor.
Use the boolean field to allow users to provide true or false values as entries.
Use the date field to allow users to select a date entry from the calendar.
Use the single-select field to allow users to select a single option from a preset list of options.
Use the multi-select field to allow users to select multiple options from a preset list of options.
Use the threat indicator field to allow users to add threat indicators such as IP, Domain, Email, URL, SHA1, SHA256, MD5, and IPv4 CIDR.
Set the status of the field to active using Active/Inactive. You can only assign active fields to alert categories.
Click Create.
When a publisher selects a category while creating an alert, the fields assigned for alerts display automatically in the Additional tab of the Create Alert page. To map fields to an alert category, see Create Custom Alert Categories.
Update a Custom Field
To update the details of a custom field, do the following.
Hover over the field you want to modify and click Edit.
Update the required details such as the field name, usage preference, and field type.
Set the status of the field to active using Active/Inactive. You can only assign active fields to alert categories.
Search and Filter Custom Fields
You can search and filter custom fields from the list. You can directly search using a keyword or filter by parameters such as field status (active, inactive) and field type.