# Events Timeline

**Example URL:** <https://pentest.ws/e/{engagement.id}/events>

<figure><img src="https://pentestws.wordpress.com/wp-content/uploads/2025/05/image-3.png?w=1024" alt=""><figcaption><p><em>Events list showing both social engineering logs and technical commands. All data shown is fictitious.</em></p></figcaption></figure>

The **Events** system in PenTest.WS provides a structured, timestamped log of your operational activity, from reconnaissance and exploitation to social engineering and post-exploitation actions. Events are searchable, flexible, and evidence-ready, making them essential for timeline analysis and reporting.

## Overview

Each event in PenTest.WS includes:

* **Timestamp** (UTC)
* **Title** or summary (e.g., `Phish: Email to Jane Doe`)
* **Command** (for technical actions like `smbclient`, `nmap`, etc.)
* **Person** or **host** references
* **Details** – one or more rich-text summary blocks
* **Meta Data** – freeform key-value pairs
* **Evidence Locking** – make entries immutable when needed

## Creating & Editing Events

<figure><img src="https://1013683115-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FHecEAvxd6Z8cSug6DhWr%2Fuploads%2FhTyKHij8NgvQvwuzUBMG%2Fimage.png?alt=media&#x26;token=ed635671-207d-4ca5-b51b-27f808a5d3b9" alt=""><figcaption><p><em>Edit Event view with capacity for multiple rich text notes and editable key-value metadata.</em></p></figcaption></figure>

You can create events manually or let the platform do it for you:

* **Manual Entry**: Click **Add Event** and fill in the form fields.
* **Auto-Generated Events**: When you click **Copy Command** in Hosts or Services, a corresponding event is created automatically.
* **People Events**: On the People page, you can quickly log a phishing, vishing, or smishing attempt using shortcut buttons.

***

## Evidence Locking

When an event is finalized and used as part of a finding or timeline, you can **mark it as Evidence** by clicking the lock icon.

* Evidence entries become **read-only and undeletable**
* Ensures data integrity for reporting, audits, or peer review
* Timestamp and author information is preserved

***

## Filtering & Sorting

The Events view allows filtering by:

* **Keyword** in title or summary
* **Time (Newest/Oldest)**
* **Type** (e.g. Command, Vishing, Phishing, etc.)

You can also export your timeline for additional processing or inclusion in external reports.

***

## Notes & Best Practices

* All timestamps are recorded in **UTC** to support correlation with other log sources
* Use consistent tags and metadata to streamline search and export
* Link people and hosts to ensure full traceability from action → target → impact
* Lock Evidence only after review - it cannot be edited or removed afterward

***

## Tier Availability

**Events Timeline** is available on **Pro Tier**.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.pentest.ws/people-and-events/events-timeline.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.