An artifact is data such as an indicator of compromise that supports or relates to a
case. An artifact can also be standalone, where it is not attached to a case.
Some of the supported artifacts types are threat CVE IDs, DNS names, Email Attachments, URLs,
SHA-256 hashes, SHA-1 hashes, MD5 hashes, URI Path, Registry Keys, Observed Data, MAC addresses, and
IP addresses, both IPV4 and IPv6.
Note: Any IPv4 addresses encoded in an IPv6 format are displayed in
the IPv4 format. True IPv6 addresses are displayed in IPv6 format.
The Artifacts view
shows all artifacts across the account, including all
artifacts that are added to cases, and also any standalone artifacts.
Note: Observed data artifact
types added to cases are not shown on the artifacts view.
The Artifacts tab organizes artifacts by type, such as file
name, MAC address, suspicious URL, MD5 and SHA1 file hashes, and more. An artifact can also have an
attachment, such as an email, log file, and malware sample.