Skip to main content

Investigation-based attacker activity is now part of the incident timeline

Gradually rolling out:

Autonomous Analyst findings will appear on the timeline, showing you exactly what the attacker did, when they did it, and in what order. Events like initial access, credential compromise, and lateral movement are each tagged by attack stage. Click any event to see what happened and the evidence behind it.

Also new

  • Color-coded badges: tell Findings, Investigations, Responses, Status Changes, and MDR Comments apart at a glance

  • Event source: see who produced each event: the Autonomous Analyst, MDR Analysts, an administrator, or one of your security controls

  • Filters: narrow the timeline by source or event type in one click

Did this answer your question?