ActionTheHiveUpdated May 2026

How do I list alerts in TheHive?

Short answer: Drop the "TheHive → List Alerts" action anywhere in your workflow, map the inputs from upstream nodes, and publish.

Use this action All 3 TheHive actions

Inputs

The fields this action accepts.

Every field can be mapped from an upstream trigger, AI step, table row, or hard-coded literal.

Field	Type	Required	Description
Status status	options	Optional	Status. Options: All, New, Updated, Ignored, Imported

Sample request

{
  "status": "{{trigger.status}}"
}

Returns

[
  {
    "id": "alert_123",
    "title": "Suspicious Activity",
    "source": "IDS",
    "status": "New",
    "severity": 3
  }
]

Use these fields in downstream nodes for routing, logging, or error handling.

Triggered by

Apps that pair well as the trigger for List Alerts.

Any of these apps can fire this action as part of a workflow.

Google Sheets → TheHive

2 Google Sheets triggers

HubSpot → TheHive

18 HubSpot triggers

FAQ

Questions about List Alerts.

What does the List Alerts action do in TheHive?

Lists alerts in TheHive matching the supplied filters (severity, status, source, date range). Useful for periodic alert-fatigue or aging reports.

What inputs does List Alerts require?

List Alerts has no required inputs. Sensible defaults are applied if you leave fields blank.

Can I use dynamic inputs from earlier workflow nodes?

Yes. Any field on this action can pull values from upstream nodes, whether that's a form response, a trigger payload, an AI output, or a lookup result.

What happens if TheHive returns an error?

The workflow pauses on the failed node, the error message is captured in the run log, and you can retry the run with one click. Auto-retry policies are configurable per workflow with exponential backoff up to 5 attempts.

Does List Alerts support batch operations?

Yes. Run List Alerts inside a Loop node to process arrays. Tiny Command handles TheHive's rate limits automatically so you don't have to throttle manually.

More actions