Adding artifacts to a case manually

An artifact is data that supports or relates to cases, such as an indicator of compromise. By adding artifacts to your SOAR cases, security analysts have more information available to investigate a case.

You can add artifacts to SOAR from either the Offenses or Log Activity tab.

Before you begin

Ensure that pop-up windows are enabled in your browser.

Procedure

  1. In the QRadar® Console, click the Offenses or Log Activity tab.
  2. Click the offense or event to view more information about it.
  3. Right-click the IP address, and click Add to SOAR.

    You are redirected to SOAR.

  4. In the Add Artifacts window, select the case to add the IP address to and click Add Artifacts.