Home

Timeline SNAFU

%3CLINGO-SUB%20id%3D%22lingo-sub-1011785%22%20slang%3D%22en-US%22%3ETimeline%20SNAFU%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1011785%22%20slang%3D%22en-US%22%3E%3CP%3EI%20noticed%20when%20looking%20at%20the%20Timeline%20while%20investigating%20an%20indecent%20that%20it%20was%20messed%20up.%26nbsp%3B%20The%20date%2Ftimes%20shown%20do%20not%20match%20what%20what%20I%20see%20in%20the%20Incident%20list%20and%20actually%20some%20of%20the%20dates%20are%20way%20before%20the%20Analytics%20rule%20was%20even%20created%20(like%20anything%20saying%208AM)%26nbsp%3B%20Any%20ideas%20why%20this%20happened%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F157445iF3F8832F1014C9BD%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20alt%3D%22TImelineSNAFU.png%22%20title%3D%22TImelineSNAFU.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%E2%80%83%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1015757%22%20slang%3D%22en-US%22%3ERe%3A%20Timeline%20SNAFU%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1015757%22%20slang%3D%22en-US%22%3E%3CP%3EThis%20might%20be%20a%20time%20zone%20thing.%26nbsp%3B%20Ill%20share%20with%20the%20team%3C%2FP%3E%3C%2FLINGO-BODY%3E
Gary Bushey
Contributor

I noticed when looking at the Timeline while investigating an indecent that it was messed up.  The date/times shown do not match what what I see in the Incident list and actually some of the dates are way before the Analytics rule was even created (like anything saying 8AM)  Any ideas why this happened?

 

TImelineSNAFU.png

2 Replies

ill check with the team, this might be the incident created time vs the security alert creation time.

@Gary Bushey 

in the meantime, understand that asking for related alerts in investigation is querying SecurityAlert for that entity.  Not all security alerts are incidents.

 

you dont have other security alerts in the workspace right?  just the ones that are from the incidents shown?

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
46 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
30 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
13 Replies