Artifacts Overview

Minimum Role: Organization role of Read Only User (for viewing Artifacts and copying hash codes for Artifacts); Organization role of Standard User (for creating and editing Artifacts); Organization role of Organization Administrator (for deleting Artifacts)

Prerequisites: Workflow enabled by a System Administrator; a Workflow Case created in your Organization (see the Creating Cases)

In ThreatConnect^®, an Artifact is any piece of data not captured in a Note that provides information relevant to a Workflow Case that may be useful to an analyst. Potential Artifact types include all ThreatConnect Indicator types, as well as a variety of other data types. Examples of Artifacts include domains, email addresses, log files, emails, PCAP files, screenshots, SIEM event files, and malware documents.

The Artifacts card of a Case displays a table of all Artifacts that are part of the Case being viewed. When viewing an Artifact’s details, you may view and create associations between the Artifact and Indicators and Groups in your Organization. Creating these associations is one of the main ways to connect information gathered within a Case with threat intelligence in your Organization. Artifacts that are associated with Indicators and Groups will be listed as associated Artifacts on the Associations card on the Details screen for the Indicator and Group.

ThreatConnect^® is a registered trademark of ThreatConnect, Inc.

20123-01 v.02.A