New Blog Post | What’s new: Incident timeline

%3CLINGO-SUB%20id%3D%22lingo-sub-2270723%22%20slang%3D%22en-US%22%3ENew%20Blog%20Post%20%7C%20What%E2%80%99s%20new%3A%20Incident%20timeline%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2270723%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22JasonCohen1892_0-1618338171593.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F272568i6AB6B635A4A946AC%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22JasonCohen1892_0-1618338171593.png%22%20alt%3D%22JasonCohen1892_0-1618338171593.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fwhat-s-new-incident-timeline%2Fba-p%2F2267683%22%20target%3D%22_blank%22%3EWhat%E2%80%99s%20new%3A%20Incident%20timeline%20-%20Microsoft%20Tech%20Community%3C%2FA%3E%3C%2FP%3E%0A%3CP%3EBuilding%20a%20timeline%20of%20a%20cyber%20security%20incident%20is%20one%20of%20the%20most%20critical%20parts%20of%20affective%20incident%20investigation%20and%20response.%20It%20is%20essential%20in%20order%20to%20understand%20the%20path%20of%20the%20attack%2C%20its%20scope%20and%20to%20determine%20appropriate%20response%20measures.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ENow%20in%20public%20preview%2C%20we%20are%20redesigning%20the%20Azure%20Sentinel%20full%20incident%20page%20to%20display%20the%20alerts%20and%20bookmarks%20that%20are%20part%20of%20the%20incident%20in%20a%20chronological%20order.%20As%20more%20alerts%20are%20added%20to%20the%20incident%2C%20and%20as%20more%20bookmarks%20are%20added%20by%20analysts%2C%20the%20timeline%20will%20update%20to%20reflect%20the%20information%20known%20on%20the%20incidents.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Microsoft

JasonCohen1892_0-1618338171593.png

What’s new: Incident timeline - Microsoft Tech Community

Building a timeline of a cyber security incident is one of the most critical parts of affective incident investigation and response. It is essential in order to understand the path of the attack, its scope and to determine appropriate response measures.

 

Now in public preview, we are redesigning the Azure Sentinel full incident page to display the alerts and bookmarks that are part of the incident in a chronological order. As more alerts are added to the incident, and as more bookmarks are added by analysts, the timeline will update to reflect the information known on the incidents.

0 Replies