Security considerations
Attack Timeline implements security controls for data access, retention policies, and audit logging to help ensure secure operation within QRadar environments.
Attack Timeline integrates with QRadar security infrastructure to protect sensitive data and maintain audit trails. Understanding these security considerations helps you manage data access, plan for data retention, and monitor system activity.
Data access control
Attack Timeline enforces QRadar security controls to help ensure that users can access authorized data only:
- QRadar security integration: Attack Timeline respects all QRadar security controls and permissions. Users cannot bypass existing security policies through the timeline interface.
- Offense access restrictions: Users can view only timelines for offenses they have access to based on their assigned permissions and security profiles.
- Security profile filtering: Security profiles are considered during milestone generation. The system filters data according to the user's security profile before you create milestones.
Data retention
Attack Timeline stores data in two locations with different retention policies:
Milestones are stored in the QRadar database with the following characteristics:
- Subject to QRadar data retention policies
- Automatically cleaned up when offense data is removed
- No separate retention configuration needed
- Managed through standard QRadar data retention settings
Bookmarks are stored in browser local storage with the following characteristics:
- Stored only in the browser's local storage
- Not backed up by QRadar
- User is responsible for managing bookmarks
- Lost if browser data is cleared or the browser cache is deleted
- Not synchronized across different browsers or devices
Audit logging
Attack Timeline logs system activity for security monitoring and troubleshooting:
- Timeline access logging: Access to Attack Timeline features is logged in QRadar audit logs for security monitoring and compliance tracking.
- Generation task tracking: Milestone generation tasks are tracked in system logs, including start time, completion status, and processing duration.
- Error recording: Errors that occur during timeline operations are recorded in system logs with detailed diagnostic information for troubleshooting.