Add artifacts to a case

  • Release version: Xanadu
  • Updated August 1, 2024
  • 1 minute to read

    • After you have created a case, you can add artifacts, such as security incidents, CIs, and indicators of compromise, to the case. These artifacts act as clues in solving the case.

    Before you begin

    The Threat Intelligence plugin must be activated to use Security Case Management.

    Role required: sn_ti.case_user_write

    Procedure

    1. Open a case to which you want to add artifacts.
    2. Click the Case Artifacts related list.
      Case artifacts
    3. Click the tab associated with the type of artifact you want to add to the case.
      For example, click Configuration Items to add one or more CIs to the case.
      Configuration items
    4. Click Edit.
      Slushbucket
    5. Using the slushbucket and filters, locate the artifact records you want to add to the case and move them from the Collection bucket to the List bucket, and click Save.
      The list appears in the selected tab and the selected artifacts are added to the list.