Annotate security artifacts

As you are analyzing a case, you can add annotations to any artifact.

Before you begin

The Threat Intelligence plugin must be activated to use Security Case Management.
Role required:
  • sn_ti.case_user_write for adding annotations
  • sn_ti.case_user_read to view annotations

Procedure

  1. Open a case that contains artifacts that you want to annotate.
  2. Click the Case Artifacts related list.
  3. Click the tab associated with the artifacts you want to annotate. For example, click Indicators of Compromise to add annotations to IoCs.
  4. Select one or more artifact records that you want to annotate.
  5. Click Annotate.
    Add an annotation
  6. Add your annotation text and click Annotate.
    If you selected more than one artifact, the annotation is added to each of them.
  7. To view the annotations, click the Related Details icon for one of the artifacts, and click the Security Annotations tab.