Add Attachments in Incidents
During the incident response, you can upload the external files that are related to the incident as attachments. You can add files in any format. The attachments are categorized into the following types:
Artifacts: Supporting data that serve as references during the incident investigation of the suspected threat that is collected when an incident is identified. For example, IOCs, screenshots, logs, and more. During the investigation process, if you find any artifacts to be evidence of the threat, you can mark the artifact as evidence and move it under the Evidence attachment type.
Evidence: Supporting data that serve as evidence of the threat. For example, IOCs, screenshots, forensic details, logs, and more. You can mark an evidence file as an artifact and move it under the Artifacts attachment type.
Others: Other supporting data that is related to an incident but does not serve as an artifact or evidence.
Add Attachment
To add an attachment to an incident, follow these steps:
Note
You can upload up to 10 files simultaneously, with a maximum size of 100 MB each.
Go to Menu > Incidents and open an incident.
Go to Attachments on the left and select the appropriate attachment type.
Do one of the following:
Drag and drop files on the attachment area that reads Drag and drop a file to upload or click here to do it manually.
Click the attachment area, select a file, and click Upload.
Manage Attachments
You can perform the following activities to manage attachments:
Preview the attached images in the following formats:
JPG/JPEG
PNG
Download attachments.
Add notes in an attachment. You can view the added notes under Mission Control > Notes.
Delete attachments.
Note
You cannot delete the attachments that are marked as evidence.
Mark artifacts as evidence and vice versa.