Skip to content
ActionTheHiveUpdated May 2026

How do I create a TheHive alert from a workflow?

Short answer: Drop the "TheHiveCreate Alert" action anywhere in your workflow, map the inputs from upstream nodes, and publish.

Use this actionAll 3 TheHive actions
Inputs

The fields this action accepts.

Every field can be mapped from an upstream trigger, AI step, table row, or hard-coded literal.

FieldTypeRequiredDescription
Title
title
stringRequiredTitle
Description
description
stringRequiredDescription
Severity
severity
optionsOptionalSeverity. Options: Low, Medium, High, Critical
Type
type
stringRequiredType
Source
source
stringRequiredSource
Sample request
{
  "title": "{{trigger.title}}",
  "description": "{{trigger.description}}",
  "severity": "{{trigger.severity}}",
  "type": "{{trigger.type}}",
  "source": "{{trigger.source}}"
}
Returns
{
  "id": "alert_789",
  "title": "New Alert",
  "severity": 3
}

Use these fields in downstream nodes for routing, logging, or error handling.

Triggered by

Apps that pair well as the trigger for Create Alert.

Any of these apps can fire this action as part of a workflow.

GmailTheHive
1 Gmail triggers
SlackTheHive
13 Slack triggers
Google SheetsTheHive
2 Google Sheets triggers
HubSpotTheHive
18 HubSpot triggers
FAQ

Questions about Create Alert.

What does the Create Alert action do in TheHive?
Creates a new alert in TheHive with title, description, severity, observables, and source. Common entry point for piping detections from SIEM/EDR tooling into TheHive.
What inputs does Create Alert require?
Required: Title, Description, Type, Source. Every input accepts a static value or a variable from any upstream node in your workflow.
Can I use dynamic inputs from earlier workflow nodes?
Yes. Any field on this action can pull values from upstream nodes, whether that's a form response, a trigger payload, an AI output, or a lookup result.
What happens if TheHive returns an error?
The workflow pauses on the failed node, the error message is captured in the run log, and you can retry the run with one click. Auto-retry policies are configurable per workflow with exponential backoff up to 5 attempts.
Does Create Alert support batch operations?
Yes. Run Create Alert inside a Loop node to process arrays. Tiny Command handles TheHive's rate limits automatically so you don't have to throttle manually.
More actions

Other TheHive actions.

Action
Create Case
Creates a new investigation case in TheHive with title, description, severity, TLP, and assigned user. Use it to promote a manual report or external ticket into a formal case.
Action
List Alerts
Lists alerts in TheHive matching the supplied filters (severity, status, source, date range). Useful for periodic alert-fatigue or aging reports.

Send create alert from your workflows.

Triggered by anything in the catalog. Free tier available. No credit card.

Try for freeRequest a demo

Be the first to know what's next.

Submit your email to get early access updates, new feature announcements, and the latest in automation from TinyCommand.
Subscribe
About usPrivacy policySubmit RequestTerms of usePricingMake a referralContact usBecome a partnerCancellation & refundBlogs
© TinyCommand LLC 2026
XLinkedInInstagramYouTubeFacebook