Thank you for your feedback.
Form temporarily unavailable. Please try again or contact to submit your comments.

Annotate security artifacts

Log in to subscribe to topics and get notified when content changes.

Annotate security artifacts

As you are analyzing a case, you can add annotations to any artifact.

Before you begin

The Threat Intelligence plugin must be activated to use Security Case Management.
Role required:
  • sn_ti.case_user_write for adding annotations
  • sn_ti.case_user_read to view annotations


  1. Open a case that contains artifacts that you want to annotate.
  2. Click the Case Artifacts related list.
  3. Click the tab associated with the artifacts you want to annotate. For example, click Indicators of Compromise to add annotations to IoCs.
  4. To add an annotation to one or more artifacts, perform the following steps:
    1. Select the artifacts to which you want to add an annotation.
    2. Click Annotate.
      Add an annotation
    3. Type the annotation and click Annotate.
      The annotation is added to the selected artifacts.
  5. To view annotations for an artifact, click the View annotations (View Annotations) icon.
    The existing annotations appear in the Annotations dialog box.
    Annotations dialog box
  6. You can also enter a new annotation for the artifact in the Security Annotation box, and click Annotate.