Artifact
- An Artifact refers to a specific data item or piece of evidence related to a security incident, used to support investigation and response efforts.
- Artifacts can include various types of data, such as IP addresses, domains, file hashes, URLs, and email addresses.
- Artifacts are attached to Alerts to help analyze and investigate security incidents.
- Query, response, and enrichment operations are typically performed on Artifacts, for example querying the owner of a hostname, looking up threat intelligence for a file hash, or blocking an IP address.
View

Supports multiple filtering and sorting functions.
Detail

Operation panel
Enrichments

Associated Enrichment records
Alerts

Associated Alert records