Skip to main content
Skip table of contents

Linked Artifacts

LAST UPDATED: NOV 22, 2024

Overview

Artifacts can be linked to an incident directly within the Incident Workspace, ensuring proper context and accessibility for analysis.

Artifacts can be linked in two ways:

  1. By selecting from existing artifacts.

  2. By adding new artifacts directly from Linked Artifacts.

Link from existing artifacts

This option allows searching for existing artifacts and selecting the relevant ones to associate with the incident.

Clicking on the Link from existing artifacts option will open the Link Existing Artifact pop-up.

To use this pop-up to search for artifacts to associate with the incident, follow the steps below:

  1. Select an artifact type and search for the artifact by its name.

  2. Click on the Link Selected Artifacts button to associate the artifact with the incident.

  3. Confirm that the artifact has been linked.

Link from new artifacts

New artifacts can be created and associated with the incident directly from Linked Artifacts.

Clicking on the Link from new artifact option will open the New Artifact pop-up. Artifacts can be created in either the Editor View, Raw View, or by batch upload.

Editor View

The editor view provides a more visual interface for adding new artifacts. It allows users to input values manually, select options from dropdown menus, and perform other interactive actions.

To create artifacts to associate with the incident in the editor view, follow these steps:

  1. Search for and select an artifact type from the dropdown menu and fill in the field(s).

  2. Save the artifact.

  3. Confirm that the newly created artifact has been linked.

Raw View

The raw view enables users to input data directly in JSON format.

To create artifacts to associate with the incident in the editor view, follow these steps:

  1. Toggle the raw view, select or search for an artifact type from the dropdown menu, and fill in the field(s).

  2. Save the artifact.

  3. Confirm that the newly created artifact has been linked.

Batch Upload

The batch upload feature enables users to add multiple artifacts simultaneously through the JSON editor.

It is recommended that users search for the required fields, copy the default JSON format, and paste it into a separate document (e.g., Word or a text file). Populate the fields with the required values using the specified format, then paste the updated JSON back into the editor for submission.

This approach ensures artifacts are correctly created and linked, minimizing errors and reducing time spent troubleshooting.

To batch upload artifacts, follow these steps:

  1. Toggle the raw view.

  2. Click on the Batch Upload button, replace the default data with the artifact data to be uploaded, and save the batch upload to complete the process.

  3. Confirm that all artifacts have been uploaded.

Execute a Command

Users can directly execute commands on linked artifacts using the Execute Command button by following the steps below:

  1. Click on the Execute Command button.

  2. Select a command from the dropdown menu.

  3. Paste in the raw data and run the command.

If the command ran successfully, users will be taken to the Command Centre tab. The execution results are displayed at the top.

Unlink an Artifact

Artifacts can be unlinked by clicking on the Unlink Artifact button.

Unlinking an artifact removes its association with the incident but does not delete the artifact itself.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close