Annotate security artifacts

  • Release version: Australia
  • Updated March 12, 2026
  • 1 minute to read

    • As you are analyzing a case, you can add annotations to any artifact.

    Before you begin

    The Threat Intelligence plugin must be activated to use Security Case Management.
    Role required:
    • sn_ti.case_user_write for adding annotations
    • sn_ti.case_user_read to view annotations

    Procedure

    1. Open a case that contains artifacts that you want to annotate.
    2. Click the Case Artifacts related list.
    3. Click the tab associated with the artifacts you want to annotate.
      For example, click Indicators of Compromise to add annotations to IoCs.
    4. To add an annotation to one or more artifacts, perform the following steps:
      1. Select the artifacts to which you want to add an annotation.
      2. Click Annotate.
        Add an annotation
      3. Type the annotation and click Annotate.
        The annotation is added to the selected artifacts.
    5. To view annotations for an artifact, click the View annotations (View Annotations) icon.
      The existing annotations appear in the Annotations dialog box.
      Annotations dialog box
    6. You can also enter a new annotation for the artifact in the Security Annotation box, and click Annotate.