An artifact is data such as an indicator of compromise that supports or relates to a case. An artifact can also be standalone, where it is not attached to a case.

Some of the supported artifacts types are threat CVE IDs, DNS names, Email Attachments, URLs, SHA-256 hashes, SHA-1 hashes, MD5 hashes, URI Path, Registry Keys, Observed Data, MAC addresses, and IP addresses, both IPV4 and IPv6.
Note: Any IPv4 addresses encoded in an IPv6 format are displayed in the IPv4 format. True IPv6 addresses are displayed in IPv6 format.
The Artifacts view shows all artifacts across the account, including all artifacts that are added to cases, and also any standalone artifacts.
Note: Observed data artifact types added to cases are not shown on the artifacts view.

The Artifacts tab organizes artifacts by type, such as file name, MAC address, suspicious URL, MD5 and SHA1 file hashes, and more. An artifact can also have an attachment, such as an email, log file, and malware sample.