Gradually rolling out:
Autonomous Analyst findings will appear on the timeline, showing you exactly what the attacker did, when they did it, and in what order. Events like initial access, credential compromise, and lateral movement are each tagged by attack stage. Click any event to see what happened and the evidence behind it.
Also new
Color-coded badges: tell Findings, Investigations, Responses, Status Changes, and MDR Comments apart at a glance
Event source: see who produced each event: the Autonomous Analyst, MDR Analysts, an administrator, or one of your security controls
Filters: narrow the timeline by source or event type in one click

