Artifacts view

The artifacts view shows all artifacts in the account from a single page. You can see all artifacts across all cases and also any standalone artifacts. This provides a clear picture of the frequency of artifacts, providing insight and visibility into the overall impact of any artifact in the account.

Your role must include the View the global list of Artifacts permission to access the artifacts view. To create, edit, or delete artifacts or artifact tags from the artifacts view, your role must include the Manage Artifacts permission.

To go to the artifacts view, from the IBM Security QRadar Suite menu, select My applications > Case Management > Artifacts. All of the artifacts in the account to which you are logged in are displayed, including all case artifacts and standalone artifacts. Standalone artifacts are artifacts that have been added to the system and are not part of any case. The following graphic shows an example.

The surrounding text describes this graphic, which is a snap shot of the user interface.
The Related Case Count column shows the number of cases an artifact is impacting. You can complete the following actions:
  • Search through the artifacts list by value or summary. To search, click the search icon and enter your search criteria.
  • Sort by most columns shown on the view. For example, you can sort by the Related Case Count column to see the high frequency artifacts that are impacting the most cases.
  • Customize the columns to show the information of most importance to you. To customize the columns, click the settings icon and select the columns that you want to view, and then click Apply. You can also rearrange the order of the columns.
  • Click Set timeframe and limit the view to artifacts updated, created, or seen within a specific time.
  • Filter to view or restrict particular artifact types or artifact tags. To filter, click Filters and then select the artifact types or artifact tags that you want to view. You can also filter by the Relate Case Count and Threat Scan settings. For any artifact types or artifact tags on the filter menu, you can click the action button for the artifact type and select the option to filter or not filter, as shown in the following graphic.
    The surrounding text describes this graphic, which is a snap shot of the user interface.
    To remove filters, click Clear filters.
Note: Any deleted artifact types are shown but with a strikethrough line.

Click an artifact to go to the artifact, as shown in the following graphic.

The surrounding text describes this graphic, which is a snap shot of the user interface.
From within the artifact, you can see its details and take some actions:
  • Click in the Summary to edit inline.
  • To add artifact tags, click Tags and you can select an existing tag, if any exist, or enter a new tag. Tags are case sensitive.
  • Use the Threat scan toggle to send an artifact to a cyberthreat source to be scanned. This setting applies only to system provided artifact types that can be scanned by system provided threat sources.
  • The Hits section provides a scan report for each hit. The scan report displays information that is provided by the threat source. You can filter the list by threat source.
  • If Whois information was loaded for a DNS artifact in the case Artifacts tab, that information is displayed in the Whois section.
  • From the Cases with Related Artifacts section, you can see the details of any related cases. Click the case ID to go to the case.
  • From the Artifact History section at the bottom, you can view the artifact history, and add or remove filters to control what is shown in the history.

Adding a standalone artifact

You can add a standalone artifact that is not attached to a case. However, you cannot add file-based or Observed Data type artifacts standalone. To add a standalone artifact:
  1. Go to the artifacts view by selecting My applications > Case Management > Artifacts from the main menu.
  2. Click Add Artifact.
  3. Select an artifact type, enter a value for the artifact, and optionally, a summary and tags.
    Note: You can add an artifact with the same value as an existing artifact if the artifact type is different.
  4. Optionally, you can toggle Relate case and Threat scan off.
  5. Click Create.
The artifact is added to the list of artifacts on the artifacts view.


The following demo shows an example of the artifacts view. It shows the following:
  • Navigating from the homepage to the artifacts view.
  • Sorting the list of artifacts by Related Case Count.
  • Selecting an artifact.
  • Editing the artifact summary inline.
  • Reviewing the Cases with Related Artifacts section.
  • Reviewing the Artifact History, we can see the history, including the change made to the summary.
  • Scrolling up to the Cases with Related Artifacts section and clicking into a related case.

The surrounding text describes this demo, which is an example of the user interface.