Closed
Description
Request Type
Feature Request
Work Environment
| Question | Answer |
|---|---|
| OS version (server) | Ubuntu |
| OS version (client) | Ubuntu |
| TheHive version / git hash | 2.10.0 |
| Package Type | Binary |
| Browser type & version | Chrome 56 |
Problem Description
If an analyst discards a MISP event or ignores an update by mistake, they cannot undo their action. TheHive must make it possible to search or see ignored/discarded MISP events and create cases out of them.
There's another use case for such a feature. An analyst may get a report on suspicious activity related to a MISP event hours or days after they've seen it and ignored it, believing it is not of concern.
Or take for instance the 1st time when TheHive is connected to a MISP server. The analyst may get tons of events and they would sift through them hastily only to realize that they've been too quick on the ignore button.
Possible Solutions
Add the ability to view and search ignored MISP events and make cases out of them if needed.