Skip to main content

Cyware Threat Intelligence eXchange

View Threat Data Activity Timeline

The threat data activity timeline shows you the history of threat data objects in Intel Exchange. The timeline gives you information on all aspects of objects and the actions performed on them, such as:

  • Feed received from a source by a user

  • Added to or removed from the watchlist

  • Added to or removed from allowed indicators

  • Added or removed from ignored third-party indicators

  • Marked as revoke

  • Calculated confidence score

  • Marked or unmarked as deprecated

  • Marked or unmarked for manual review

  • Marked or unmarked as a false positive

  • Added or removed tags

  • Actions passed by CTIX rules

  • Updated TLP

  • Received data from tools, sources, or subscribers

  • Updated risk severity

  • Updated analyst description

  • Updated custom score

To view the activity timeline of objects:

  1. Go to Main Menu > Collection > Threat Data.

  2. Select an object to view the details.

  3. Click Timeline.

    Total System Lifetime displays the overall duration of the object in Intel Exchange. Additionally, you can view the date and time when the action was performed on the object.

Unable to view the activity timeline?

During periods of heavy feed polling from various sources, there may be a delay in displaying the timeline. We recommend waiting for a while and then reloading the page.

Note

Starting with Intel Exchange v3.7.1, the default TLP version is set to 2.0. As a result, all TLP markings will be converted to the 2.0 standard. However, TLP: WHITE will remain unchanged in the threat data Timeline and will not be converted to TLP: CLEAR.