Case Manager Artifacts

A Case Manager artifact is evidence you collect as you investigate an incident to describe and enrich a Case Manager entity.

An artifact is the additional evidence you discover as you investigate. There are five artifact types: email address, file, IP, process, and URL. Artifacts are timestamped. You create an artifact manually, or automatically through an action. Not every artifact turns out to be important to your investigation, but you add each one to the incident to record it just in case.

While entities and artifacts are both objects, they differ in context and in the roles they play in your investigation. An artifact is an object you collect when you investigate an incident, like evidence the police find when investigating a crime. An entity is what the artifact supports or describes; it is the crime the police investigate. An artifact enriches an entity.

An item can't be both an entity and an artifact. However, in specific cases, something might appear under both the Artifact and Entities sections in an incident. For example: a malicious file is an entity, but its contents are artifacts.