cyb3rfox
commented
3 years ago Interesting idea. So generally the tabs can be filtered by time which sort of makes the time based extra tab obsolete. I'll try to implement the New/Hot option though. I guess that should be across many other data tabs not just timeline. I'm think about a "Hot report" button or something that will open a text summary of what happened in the last n hours. let's discuss.
In the "Case Management" menu on the left hand side, a new section called something like "New IOCs", "News" or something to that effect.
This new section would have a time/date filtering option, where you could select to filter by the last 24 hours, a list of all the new items added to the timeline over the last 24 hours would then be displayed. In addition to this, investigators could tag certain IOCs as "News" or "important". this would force them to be displayed in the "New IOCs" tab. Where they could then be removed from this view by removing the "News/Important" tag from them.
The reason for this improvement is that during investigations that have multiple investigators plus an incident lead that are working multiple engagements at the same time, it is very common to need a quick way of understanding what the new discoveries are for the next customer update call.