View Threat Data Activity Timeline
The threat data activity timeline shows you the history of threat data objects in Intel Exchange. The timeline gives you information on all aspects of objects and the actions performed on them, such as:
Feed received from a source by a user
Added to or removed from the watchlist
Added to or removed from allowed indicators
Added or removed from ignored third-party indicators
Marked as revoke
Calculated confidence score
Marked or unmarked as deprecated
Marked or unmarked for manual review
Marked or unmarked as a false positive
Added or removed tags
Actions passed by CTIX rules
Updated TLP
Received data from tools, sources, or subscribers
Updated risk severity
Updated analyst description
Updated custom score
To view the activity timeline of objects:
Go to Main Menu > Collection > Threat Data.
Select an object to view the details.
Click Timeline.
Total System Lifetime displays the overall duration of the object in Intel Exchange. Additionally, you can view the date and time when the action was performed on the object.
Unable to view the activity timeline?
During periods of heavy feed polling from various sources, there may be a delay in displaying the timeline. We recommend waiting for a while and then reloading the page.
Note
Starting with Intel Exchange v3.7.1, the default TLP version is set to 2.0. As a result, all TLP markings will be converted to the 2.0 standard. However, TLP: WHITE will remain unchanged in the threat data Timeline and will not be converted to TLP: CLEAR.