From the Cortex XDR tenant you can view the sequence (or timeline) of events and alerts that are involved in any particular threat.
Notice
Requires a Cortex XDR Pro license.
The Timeline provides a forensic timeline of the sequence of events, alerts, and informational BIOCs and correlation rules involved in an attack. While the causality view of an alert surfaces related events and processes that Cortex XDR identifies as important or interesting, the Timeline displays all related events, alerts, and informational BIOCs and correlation rules over time.
Note
The Timeline view is not available when investigating cloud Cortex XDR alerts and cloud audit logs or SaaS-related alerts for 501 audit events, such as Office 365 audit logs and normalized logs. Only the applicable cloud causality view and SaaS causality view are available for this data.
The Timeline comprises the following parts: