1-click Investigation Timelines
Create comprehensive investigation event timelines with a single click and in just a few minutes.
Add new endpoints
Easily add additional endpoints/off-network endpoints to your timeline as your investigation progresses and lateral movement is identified.
Enrich with milestones
Add anecdotal evidence obtained during the investigation process i.e. HR intelligence, timings of real-world events, etc.
Import CSV files
Use AIR’s 4-step, format-agnostic CSV importer to enrich your timeline with mapped data from Cloud systems, firewall logs, and much more.
The CSV import feature gives you the possibility to upload your own CSV file and start analyzing the uploaded data on your AIR Timeline. These CSV files can be collected from your cloud platform, firewall logs, or anywhere else. The source doesn’t play any role here. The important thing is that you can upload and start analyzing CSV files quickly and in a simple, collaborative way.
Flag events of interest with a severity scale and collect flagged events for streamlined management reporting. Flagged events will appear in the timeline section as well as in the right part of the dashboard where you can see a full list of flagged events for easier reporting and analysis.
Send to timeline
You can send acquisition files directly from the AIR console to your event timeline by using the "send to timeline" option.