Timeline in Security Incident Response Workspace
The timeline provides a chronological view of events related to a security incident. Events appear as point events or range events. Administrators can configure which events appear on the timeline and what details are shown in event popovers.
Point events appear as a single marker at a specific time. Range events appear as a bar spanning a duration, such as state transitions.
Base system timeline events
The base system provides 13 predefined event configurations.
| Name | Event Type |
|---|---|
| Approvals | Point |
| Assignment Group Change | Point |
| Capability Executions | Point |
| Incident Created | Point |
| Incident Closed | Point |
| Incident Re-assigned | Point |
| MITRE ATT&CK Mapping | Point |
| MITRE D3FEND Mapping | Point |
| Observable Added | Point |
| Playbook Executions | Point |
| State Changed | Range |
| Task Closed | Point |
| Task Opened | Point |
Note:
You can modify base system event configurations or create custom configurations to
suit your organization's requirements.