The Timeline widget provides a sequential event log of all of a user's or host's activities, including a description for each event that helps explain the activity in plain English. Viewed chronologically, the widget is a way to "tell a story" about a user's or host's activity in LogRhythm.
The Timeline widget is only available on a Host Analyze or User Analyze details page, accessible when you click the View Details button on the Inspector panel of a log or alarm.
There are two activity types available in the Timeline widget: Logs and CloudAI.
Logs returned in the Timeline widget will appear in a log activity card. Each card displays the log's classification, common event, risk score, and normalized date. A contextualized sentence explaining the activity that occurred is centered on the card. To see more information on the activity, click the card.
A block for CloudAI activity appears at the top of each hour, if any activity occurred. Each CloudAI event produces a card that displays the score, name of activity, number of observations, number of expected, and classification. To see more information on the activity, click the card.
To open the Timeline widget settings, click the Gear icon in the upper-right corner of the widget. The following settings are available:
- Widget Title
- Sort Order. Ascending or Descending.
- Activity Type. Logs or CloudAI Anomalous Events.
- Lucene Filter. A Lucene filter added to the query to restrict the data displayed in the widget.
- Log Activity Classifications. A checklist of all classifications.
- CloudAI Activity Events. A checklist of all CloudAI Activity Events. This setting is available to CloudAI customers only.