Incident Timeline
The Incident Timeline shows the timeline of all the events of an incident, starting from the time the incident was created.
To view the Incident Timeline page:
-
Access XDR
Extended Detection & Response and click Incidents > Incidents. -
Click the incident title or hover over the incident and click >.
-
Click Incident Timeline.
|
Legend |
Item |
Description |
||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
1 |
Date |
Date of event. |
||||||||||
|
2 |
Time |
Time of event. |
||||||||||
|
3 |
Event type |
|
||||||||||
|
4 |
Severity |
Severity of the event. An event is color-coded based on its severity. |
||||||||||
|
5 |
Assets (Applies to Insight type only) |
Number of assets involved in the incident. To view the asset details, click the Assets link. The Affected assets page appears. |
||||||||||
|
6 |
Indicators |
Number of indicators created for the incident. To view the indicator details, click the Indicators link. The Indicators & Artifacts page appears. |
||||||||||
|
7 |
Source of the incident (Applies to Insight type only) |
N/A |
||||||||||
|
8 |
Sort by time |
Sort events in the chronological or reverse-chronological order. |
||||||||||
|
9 |
|
Filter the timeline by:
|
||||||||||
|
10 |
|
Create an exclusion for the incident. See Exclusions. |
||||||||||
|
11 |
|
Add a comment on the incident. |
||||||||||
|
12 |
Status |
Status of the incident.
|
||||||||||
|
13 |
Assignee name |
Security expert to whom the incident is assigned. |
||||||||||
|
14 |
Search |
Enter free text to search in the timeline. |
