Artifact Administrative Options
- 26 Aug 2022
- 3 Minutes to read
-
Print
-
DarkLight
Artifact Administrative Options
- Updated on 26 Aug 2022
- 3 Minutes to read
-
Print
-
DarkLight
The vertical ellipsis menu in the rightmost column for an Artifact provides six administrative options for the Artifact (Figure 1).
Add Note
Select Add Note to add a Note to the Case that will be linked to the Artifact. The Create Note drawer will be displayed (Figure 2).
- Enter the contents of the Note in the text box, which supports Markdown.
- Click the CREATE button. The Note will be added to the Case and displayed in the Notes card, with a link to the Artifact.
Copy hash code
Select Copy hash code to copy the hash code for the Artifact (including Artifacts that have String values, such as Addresses) to the clipboard—for example, to paste and send to a System Administrator for addition to an exclusion list.
Edit
Select Edit to edit the Artifact. The Edit Artifact drawer will be displayed (Figure 3).
- Edit the Artifact as desired. For an explanation of each option available on this drawer, see Adding Artifacts to a Case. Note that you cannot change an existing Artifact’s type.
- To add a new Note to the Artifact, click the plus
icon at the bottom right of the Edit Artifact drawer. The Create Note drawer will be displayed. See the “Add Note” for more information about adding a Note to an Artifact. - Click the SAVE button to save the edits.
Remove
Select Remove to delete the Artifact. The Remove Artifact window will be displayed. Click the CONFIRM button to delete the Artifact from the Case.
Run Playbook
Select Run Playbook to run a Workflow Playbook on the Artifact. The Run Playbook drawer will be displayed, showing all Workflow Playbooks in your Organization (Figure 4).
Select a Playbook to run on the Artifact. The Run Playbook drawer will display the required inputs for that Playbook, with the selected Artifact highlighted in the table of Artifacts on the bottom right of the drawer (Figure 5).
Note
If you try to select a Playbook with a status of Inactive, like the Phishing Alert Playbook in Figure 4, a message will be displayed stating you can select only an active Playbook. This message will include a link to open the selected Playbook in the Playbook Designer in a new browser tab. After activating the selected Playbook, return to the browser tab with the Run Playbook drawer open and click REFRESH to refresh the list of Playbooks and display a status of Active for the Playbook.
- Fill in all required input fields. Note that you can use the Filter field to filter Artifacts by keyword, if desired. Similarly, click the Show Variables link to view all variables in your Organization, if desired.
- Click the OUTPUTS > link at the bottom right of the drawer.
The drawer will display all outputs that the Playbook will produce (Figure 6).
To save an output as an Artifact, toggle the Save to Artifact slider on (orange). Fields for configuring the Artifact will be displayed (Figure 7).
- Artifact Name: Enter a name for the Artifact.
- Artifact Type: Select the type of Artifact being saved.NoteOnly Artifact Types that map to the Data Type of the output will be provided in the dropdown menu. For example, if the Data Type is String, then the Artifact Type menu will display only Artifact types that are Strings.
- Configure Artifact: Select the failure option(s) for the Playbook. Note that no selection is required for this field, and more than one option may be selected. Available options include:
- Output is required: Select this option to make the Playbook fail if it does not produce any output.
- Fail playbook if artifact validation fails: Select this option to make the Playbook fail if it produces output that fails Artifact validation.
- Click the RUN button to run the Playbook.
Show in Timeline
Select Show in Timeline to filter the Case’s Timeline card to display Timeline Events related to the Artifact (Figure 8).
ThreatConnect® is a registered trademark of ThreatConnect, Inc.
20123-04 v.02.A
Was this article helpful?
