Skip to content

Commit ab3b47c

Browse files
author
Ben Skelker
committed
continues timeline object schema
1 parent 3e9801a commit ab3b47c

File tree

1 file changed

+9
-7
lines changed

1 file changed

+9
-7
lines changed

docs/siem/reference/timeline-schema.asciidoc

Lines changed: 9 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -13,33 +13,35 @@
1313
|`dataProviders` |Object[] |The dropzone query.
1414
|`dateRange` |Object |The timeline's range.
1515
|`description` |String |The timeline's description.
16-
|`eventNotes` |Object[] |Ben: ??Notes added to specific events.
16+
|`eventNotes` |Object[] |Notes added to specific events in the timeline.
1717
|`eventType` |String a|Event types displayed in the timeline, which can be:
1818

1919
* `all`: all events
2020
* `raw`: raw events only
2121
* `signal`: signals only
2222

23+
|`favorite` |Object[] |Indicates who and marked a timeline as a favorite.
2324
|`filters` |Object[] |Filters used in addition to the dropzone query.
2425
|`globalNotes` |Object[] |Notes added to the timeline.
25-
|`kqlMode` |String a|Determines whether the dropzone queries are filtered (`and`) or additional search results are displayed (`or`), can be:
26+
|`kqlMode` |String a|Indicates whether the dropzone queries are filtered (`and`) or additional search results are displayed (`or`), can be:
2627

2728
* `filter`: filters dropzone query results
2829
* `search`: displays additional search results
2930

30-
|`kqlQuery` |Object |Determines whether additional filters use KQL or Lucene
31+
|`kqlQuery` |Object |Indicates whether additional filters use KQL or Lucene
3132
queries.
32-
|`pinnedEventIds` |Object[] |Pinned events
33+
|`pinnedEventIds` |Object[] |Pinned row IDs.
3334
|`savedObjectId` |String |Saved object ID.
3435
|`savedQueryId` |String |If used, the saved query ID used to filter or search
3536
dropzone query results.
36-
|`sort` |Object |Determines how rows are sorted in the result's grid.
37+
|`sort` |Object |Indicates how rows are sorted in the result's grid.
38+
|`status` |String |Ben: ???
3739
|`templateTimelineId` |Ben: ??? |
3840
|`templateTimelineVersion` |Ben: ??? |
3941
|`timelineType` |String |Ben: ????
4042
|`title` |String |The timeline's title.
41-
|`updated` |Float |The time the timeline was last updated, using a
43+
|`updated` |Float |The last time the timeline was last updated, using a
4244
13-digit Epoch timestamp.
4345
|`updatedBy` |String |The user who last updated the timeline.
44-
|`version` |String |Timeline version.
46+
|`version` |String |The timeline's version.
4547
|==============================================

0 commit comments

Comments
 (0)