Ability to extend the scheme of the artifacts

We need the ability to add different fields to the artifacts. Just as we can extend the scheme of the incident, we need to create custom fields for the artifacts. This can be used to indicate whether the status of the artifact is blocked or allowed. It might also be used to indicate where the IP is inside my network, etc.

  • Guest
  • Apr 19 2018
  • Future consideration
  • Guest commented
    22 Apr, 2020 04:15am

    This is totally needed. Especially in scripting with scripts, functions etc...

    For example, I need some boolean fields to indicate whether a bad IP was blocked in firewall or not, or some text fields to indicate where the artifact came from

    Without such fields, it's very hard to keep track of the artifacts' status and activities around them during the incident response process

  • Guest commented
    5 Apr, 2020 02:19pm

    I need this too

  • Guest commented
    24 May, 2019 03:47am

    Totally agreed with this RFE. To be able to insert/update field to Artifacts of an incident will be great. Many info to be displayed. Appreciated ......

  • Guest commented
    24 Jan, 2019 05:17pm

    Seems related to another RFE at its core:

  • Guest commented
    24 Jan, 2019 05:12pm

    This RFE will facilitate integration with a Threat Intel Platform. With it, I could extend the schema to show which artifacts are indicators of attack, indicators of compromise, victim identifiers, or some other context. Or I could modify the schema to align with an existing threat sharing protocol like STIX or TAXII.

  • Guest commented
    3 Dec, 2018 11:49am

    Hierarchical artifacts would also be great. Current use case where specified email sender is added as artifact (and then IP, attachment etc all relating to this email). Thus a hierarchical view of this artifact would be great. Thus certain artifacts are owned by other artifacts (or relate to other artifacts within the same incident). 

  • Guest commented
    26 Jul, 2018 07:51pm

    Also would be great for example to know which 'actions' were triggered against an artefact - such as 'block requested'

  • Guest commented
    2 Jul, 2018 05:28pm

    Also consider the out of box "IP" artifact allows analysts to specify if it was the source or destination and knows that is not a valid ip address and tells the user so. There is a lot of customization that is not available when creating artifact types.

  • Guest commented
    13 Jun, 2018 08:47pm

    Agree; at least the description field should be visible at the Artifact, which is not the case now. Why does it exist if not shown during the entry.. where we could instruct e.g. which syntax to use for user IDs or Tel Number or Hosts..

  • Guest commented
    31 May, 2018 10:20am

    I totally agree with this RFE. To be able to insert/update field to Artifact widget will be great. A frame including a scroll bar can be used for many enrichments, information etc...