View Threat Data Activity Timeline
The threat data activity timeline shows you the complete history of indicators in Intel Exchange. The timeline gives you information on all aspects of indicators and the actions performed on them such as:
Added to or removed from the watchlist
Added to or removed from allowed indicators
Added or removed from ignored third-party indicators
Marked as revoke
Calculated confidence score
Marked or unmarked as deprecated
Marked or unmarked for manual review
Marked or unmarked as a false positive
Added or removed tags
Actions passed by CTIX rules
Updated TLP
Received data from tools, sources, or subscribers
Updated risk severity
Updated analyst description
Updated custom score
To view the activity timeline for indicators:
Go to Main Menu > Collection > Threat Data.
Select an indicator to view the details.
Important
You can view the timeline only for indicators.
Click Timeline. Total Lifetime shows the overall duration the indicator was present in Intel Exchange.
You can view the date and time when the action was performed on the indicator.
Unable to view activity timeline?
During periods of heavy feed polling from various sources, there may be a delay in displaying the timeline. We recommend waiting for a while and then reloading the page.