would be nice if ITDR could provide a full breakdown of what happened

ex:

user clicked phishing email at 3:45 pm

attacker accessed from country X at 5:30 PM

attacker created exchange rule

attacked access files XYZ

Petra can do something similar to this already so it can be done