Forum Discussion
Timeline SNAFU
I noticed when looking at the Timeline while investigating an indecent that it was messed up. The date/times shown do not match what what I see in the Incident list and actually some of the dates are way before the Analytics rule was even created (like anything saying 8AM) Any ideas why this happened?
- Nicholas DiCola (SECURITY JEDI)
Microsoft
ill check with the team, this might be the incident created time vs the security alert creation time.
- Nicholas DiCola (SECURITY JEDI)
in the meantime, understand that asking for related alerts in investigation is querying SecurityAlert for that entity. Not all security alerts are incidents.
you dont have other security alerts in the workspace right? just the ones that are from the incidents shown?
