View Threat Data Activity Timeline
The threat data activity timeline shows you the history of threat data objects in Intel Exchange. The timeline gives you information on all aspects of objects and the actions performed on them, such as:
Feed received from a source by a user
Added to or removed from the watchlist
Added to or removed from allowed indicators
Added or removed from ignored third-party indicators
Marked as revoke
Calculated confidence score
Marked or unmarked as deprecated
Marked or unmarked for manual review
Marked or unmarked as a false positive
Added or removed tags
Actions passed by CTIX rules
Updated TLP
Received data from tools, sources, or subscribers
Updated risk severity
Updated analyst description
Updated custom score
To view the activity timeline of objects:
Go to Main Menu > Collection > Threat Data.
Select an object to view the details.
Click Timeline.
The Total System Lifetime displays the object's overall duration in Intel Exchange. This view also includes the date and time of each action performed on the object.
To generate an export file of historical activity data beyond the default range, use the Request for Older Data option. Select a duration from the dropdown:
Past 1 Month: Generates activity logs for the last month.
Past 3 Months: Generates activity logs for the last three months.
Past 6 Months: Generates activity logs for the last six months.
Past 1 Year: Generates activity logs for the last year.
All Time: Generates all available activity logs for the object.
Unable to view the activity timeline?
During periods of heavy feed polling from various sources, there may be a delay in displaying the timeline. We recommend waiting for a while and then reloading the page.
Note
Starting with Intel Exchange v3.7.1, the default TLP version is set to 2.0. As a result, all TLP markings will be converted to the 2.0 standard. However, TLP: WHITE will remain unchanged in the threat data Timeline and will not be converted to TLP: CLEAR.