Case creation from security artifacts In addition to creating cases manually from Security Case Management, you can also create cases from security artifacts, such as security incidents, indicators of compromise, affected users, and configuration items. IoCs and observables in casesIn Threat Intelligence, you can create cases from IoCs and observables, as well as add IoCs and observables to existing cases. You can also create observables directly from a case.Security incidents in casesIn Security Incident Response, you can create cases from security incidents, CIs, and affected users, as well as add those artifacts to existing cases.Configuration items in casesYou can create a new case from one or more configuration items (CI) in the Configuration Item [cmdb_ci] table. You can also add CIs to existing cases.Affected users in casesYou can create a new case from one or more affected users in the User [sys_user] table. You can also add users to existing cases.