Alert, Intel & RFI Custom Fields
Create and manage custom fields for alert, intel, and RFI submission forms to align with your organization's requirements. You can create various field types such as text boxes, single-select, multi-select, and more, and map them to alert categories for effective usage.
Before you Start
Ensure that you have the View and Create/Update permissions for the Custom Fields module.
Note
If you want to search for a custom field in a specific module, click the Filter icon to open the search field and enter your query into the Search bar.
Create a Custom Field
To create a custom field, follow these steps:
Go to Administration > Settings > Field Management > Custom Fields.
Select Alert, Intel & RFI, click Create, and use the following information:
Field Name: Enter the name of the field. For example, IP Address.
Field Description: Enter a description for the field. Members can view this description when they hover over the info icon while sharing threat intel or submitting an RFI.
Field Type: Select a field type. For example, Text.
Use the text field to allow users to enter text characters.
Use the text box users to allow users to enter text characters in a WYSIWYG editor.
Use the Boolean field to allow users to provide true or false values as entries.
Use the date field to allow users to select a date entry from the calendar.
Use the single-select field to allow users to select a single option from a preset list of options.
Use the multi-select field to allow users to select multiple options from a preset list of options.
Use the threat indicator field to allow users to add threat indicators such as IP, domain, email, URL, SHA1, SHA256, MD5, and IPv4 CIDR.
Turn on the Alert toggle to use this field while creating alerts. You must first map this field to an alert category, and then use the field in the alert content. When you select a category for the alert, the single-select fields assigned to the category display automatically in the Additional section of the alert creation form. For example, you can assign the IP Address field to the Phishing Attack category to allow analysts to add malicious IP details when sharing phishing attack alerts.
Turn on the Intel toggle to enable members to use this field while sharing threat intel. This field appears in the Additional section of the intel submission form.
Turn on the RFI toggle to enable members to use this field while submitting an RFI.
Click Create. When a publisher selects a category while creating an alert, the fields assigned for alerts display automatically in the Additional tab of the Create Alert page. To map fields to an alert category, see Create Custom Alert Categories.
Update a Custom Field
To update the details of a custom field, follow these steps:
Hover over the field you want to modify, click the vertical ellipsis, and click Edit.
Update the required details such as the field name, description, and usage preference.
Set the status of the field to active using Active/Inactive. You can only assign active fields to alert categories.
Search and Filter Custom Fields
You can search and filter custom fields from the list. You can directly search using a keyword or filter by parameters such as field status (active, inactive) and field type.