ITDR Data Exfiltration Timeline now available

ITDR subscribers now have access to the new Data Exfiltration Timeline. This new view within ITDR incident reports presents an overview of adversary activity from compromise to remediation, including files and emails accessed, saving you precious time in diagnosing how to respond to a compromise.

The Timeline also includes a complete chronological record of when the compromise started, when Microsoft sent logs to Huntress, and when Huntress took action.

Huntress has retroactively generated Timelines dating back to when we enabled additional audit log ingestion for each account. For most accounts, this took place in December or early January.

For more information, check out The Incident Report Timeline.