A new public preview has begun rollout today that takes some of the Timeline details from the Investigation Graph and makes it available directly in the Incident details.
This capability exposes some of the important pieces of the Investigation Graph to enable a quick view understanding of the storyline of the event, i.e., how it happened, who did it, etc. It also includes access to any Playbooks that exist in your workspace (which is also still located on the Alerts tab).
The information is pulled from the same data that supplies the Timeline and details from the Investigation graph (shown in the next image).
P.S. If you look at the first image in this post, I want to also call out the new location (top left) for creating Automation Rules directly from the Incident.
As new alerts or even bookmarks are added to the current Incident, the Timeline view will be updated (as shown in the next image) with the new content continually.
[Subscribe to the RSS feed for this blog]
[Subscribe to the Weekly Azure Sentinel Newsletter]