When you are working on an incident, you may need to see on the summary page whether an IOC (artifact) matches threat intelligence. You may also need to launch automation after this match.

Two properties fields are used:

- incident.properties.threat contains the rich-text value that shows the message
- incident.properties.artifact_hit contains a boolean that is changed when an artifact matches threat intelligence

You can show the results of the match in your Summary section, and use the change of the boolean field value to yes to launch new automation.

Result in the summary view: [screenshot]

Attached is the res file to import this configuration. Feel free to use, change, and adapt this code to your usage.

Building the res file:

    resilient-circuits extract --script "GUI: Artifact Threat Hit" --rule "ORG: Threat Hit All" --field "threat" "artifact_hit" -o config_Threat_HIt.res --zip
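The field-update logic described above, sketched as an added example; it is not the script contained in the attached res file. The function name, the dict standing in for incident.properties, and the sample artifact and feed names are assumptions made for illustration.

```python
import html


def record_threat_hit(properties, artifact_type, artifact_value, hit_sources):
    """Update the two custom fields for one artifact.

    properties  : dict standing in for incident.properties (assumption)
    hit_sources : names of the threat-intelligence sources that matched
    Returns True when this artifact produced a hit.
    """
    if not hit_sources:
        # No match: leave both fields untouched, so an earlier hit is not
        # cleared and the "changed to yes" rule is not re-armed by accident.
        return False

    # Artifact values are untrusted (URLs, file names, mail subjects). Escape
    # them before they land in a rich-text field that is rendered as HTML.
    line = "<div><b>{}</b> {} matched: {}</div>".format(
        html.escape(artifact_type),
        html.escape(artifact_value),
        ", ".join(html.escape(s) for s in sorted(set(hit_sources))),
    )

    existing = properties.get("threat") or ""
    if line not in existing:  # idempotent when the script runs again
        properties["threat"] = existing + line
    # In an in-product script the rich-text value would be wrapped with
    # helper.createRichText(...) before being assigned to the field.
    properties["artifact_hit"] = True
    return True


if __name__ == "__main__":
    # Constructed sample data, not taken from a real incident.
    props = {"threat": None, "artifact_hit": False}
    record_threat_hit(props, "DNS Name", "clean.example", [])
    record_threat_hit(props, "URL", "http://bad.example/<b>x</b>", ["Feed A"])
    print(props)
```

Because the flag is only ever set, never reset, a rule conditioned on artifact_hit changing to yes fires once per incident rather than once per matching artifact.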