--- title: "Artifacts Overview | ThreatConnect" slug: "artifacts-overview" description: "This article provides an overview of Artifacts in ThreatConnect and the corresponding minimum roles and prerequisites for this feature." tags: ["Case Management"] updated: 2024-02-08T13:57:01Z published: 2024-02-08T13:57:01Z canonical: "knowledge.threatconnect.com/artifacts-overview" --- > ## Documentation Index > Fetch the complete documentation index at: https://knowledge.threatconnect.com/llms.txt > Use this file to discover all available pages before exploring further. # Artifacts Overview In ThreatConnect®, an Artifact is any piece of data not captured in a [Note](/v1/docs/case-notes) that provides information relevant to a [Workflow Case](/v1/docs/workflow-cases) that may be useful to an analyst. Potential Artifact types include all ThreatConnect [Indicator types](/v1/docs/the-threatconnect-data-model#indicator-types), as well as a variety of other data types. Examples of Artifacts include domains, email addresses, log files, emails, PCAP files, screenshots, SIEM event files, and malware documents. A Case’s [**Artifacts**card](https://knowledge.threatconnect.com/docs/artifacts-card) displays a table containing all Artifacts that belong to the Case. When [viewing an Artifact’s details](https://knowledge.threatconnect.com/docs/viewing-artifact-details), you can view Indicators and Groups associated or potentially associated to the Artifact and create associations to Indicators and Groups in your Organization, Communities, and Sources. Creating these associations connects information gathered in a Case with your threat intelligence data. In addition to viewing these associations on the **Artifacts**card, you can view them on the **[](https://knowledge.threatconnect.com/docs/the-associations-tab#artifacts)** [](https://knowledge.threatconnect.com/docs/the-associations-tab#artifacts)[**Artifacts** card of the **Associations** tab](https://knowledge.threatconnect.com/docs/the-associations-tab#artifacts) on an associated Indicator’s or Group’s [**Details** screen](https://knowledge.threatconnect.com/docs/the-details-screen). If viewing an associated Indicator’s or Group’s [legacy **Details** screen](https://knowledge.threatconnect.com/docs/the-details-screen-legacy), associated Artifacts are displayed in the [**Associated Artifacts** section of the **Associations** card](https://knowledge.threatconnect.com/docs/table-view-associated-artifacts) while the card is in table view. When viewing an Artifact whose type maps to a ThreatConnect Indicator type, you can enrich the Artifact with data retrieved from third-party enrichment services enabled and configured for the corresponding Indicator type. ## Before You Start | Minimum Role(s) | - Organization role of Read Only User (for viewing Artifacts, copying hash codes for Artifacts, and enriching Artifacts with data retrieved from third-party enrichment services) - Organization role of Standard User (for creating and editing Artifacts and managing their associations) | | --- | --- | | Prerequisites | - Workflow enabled by a System Administrator - A [Workflow Case created in your Organization](https://knowledge.threatconnect.com/docs/creating-cases) - Cross-owner associations enabled by a System Administrator (for creating associations between Artifacts in your Organization and Groups and Indicators in Communities and Sources to which you have access) - An enrichment service enabled and a valid API key for that enrichment service entered by a System Administrator on the **Indicators**tab of the **System Settings** screen (for enriching Artifacts whose type maps to an Indicator type for which a third-party enrichment service is available; see the “Enrichment Tools” section of *ThreatConnect System Administration Guide* for more information) | --- *ThreatConnect® is a registered trademark of ThreatConnect, Inc.* 20123-01 v.04.A ## Related - [Associations](/associations.md) - [Case Associations](/case-associations.md) - [Case Notes](/case-notes.md) - [Parts of a Case](/parts-of-a-case.md) - [Phases and Tasks](/phases-and-tasks.md) - [ThreatAssess and CAL](/threatassess-and-cal.md) - [Timeline Events](/timeline-events.md) - [Workflow Overview](/workflow-overview.md) - [Workflow Playbooks](/workflow-playbooks.md)