After you have created cases, either using Security Case Management, or from artifacts such as IoCs, observables, security incidents, and so forth, you can continue to add artifacts to aid in anaysis of the threats identified.