Exclude security artifacts from a case

You can remove artifacts from the lists of supporting artifacts. They are not permanently removed and can be returned to the case as needed.

Before you begin

The Threat Intelligence plugin must be activated to use Security Case Management.

Role required: sn_ti.case_user_write

Procedure

  1. Open a case that contains artifacts that you want to exclude from a list.
  2. Click the Case Artifacts related list.
  3. Click the tab associated with the artifacts you want to exclude. For example, click Incidents to exclude security incidents from the list.
  4. Select one or more artifact records that you want to exclude.
    Exclude a security incident from the list
  5. Click Exclude.
  6. Click Exclude in the confirmation box.
    The selected artifacts are removed from the list.