Case Manager Entities
A Case Manager entity describes the primary object or user involved in an incident.
An entity is the primary object you are investigating. You may pivot on entities, and add or edit their information. There are three entity types: device, user, and file.
While entities and artifacts are both objects, they differ in context and in the roles they play in your investigation. An artifact is an object you collect when you investigate an incident, like evidence the police find when investigating a crime. An entity is the crime itself. An artifact enriches an entity.
An item can't be both an entity and an artifact. However, in specific cases, something might appear under both the Artifact and Entities sections in an incident. For example: a malicious file is an entity, but its contents are artifacts.