> For the complete documentation index, see [llms.txt](https://docs.pentest.ws/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.pentest.ws/people-and-events/events-timeline.md).

# Events Timeline

**Example URL:** <https://pentest.ws/e/{engagement.id}/events>

<figure><img src="https://pentestws.wordpress.com/wp-content/uploads/2025/05/image-3.png?w=1024" alt=""><figcaption><p><em>Events list showing both social engineering logs and technical commands. All data shown is fictitious.</em></p></figcaption></figure>

The **Events** system in PenTest.WS provides a structured, timestamped log of your operational activity, from reconnaissance and exploitation to social engineering and post-exploitation actions. Events are searchable, flexible, and evidence-ready, making them essential for timeline analysis and reporting.

## Overview

Each event in PenTest.WS includes:

* **Timestamp** (UTC)
* **Title** or summary (e.g., `Phish: Email to Jane Doe`)
* **Command** (for technical actions like `smbclient`, `nmap`, etc.)
* **Person** or **host** references
* **Details** – one or more rich-text summary blocks
* **Meta Data** – freeform key-value pairs
* **Evidence Locking** – make entries immutable when needed

## Creating & Editing Events

<figure><img src="/files/8ADtzrVl2T01cqLJygXm" alt=""><figcaption><p><em>Edit Event view with capacity for multiple rich text notes and editable key-value metadata.</em></p></figcaption></figure>

You can create events manually or let the platform do it for you:

* **Manual Entry**: Click **Add Event** and fill in the form fields.
* **Auto-Generated Events**: When you click **Copy Command** in Hosts or Services, a corresponding event is created automatically.
* **People Events**: On the People page, you can quickly log a phishing, vishing, or smishing attempt using shortcut buttons.

***

## Evidence Locking

When an event is finalized and used as part of a finding or timeline, you can **mark it as Evidence** by clicking the lock icon.

* Evidence entries become **read-only and undeletable**
* Ensures data integrity for reporting, audits, or peer review
* Timestamp and author information is preserved

***

## Filtering & Sorting

The Events view allows filtering by:

* **Keyword** in title or summary
* **Time (Newest/Oldest)**
* **Type** (e.g. Command, Vishing, Phishing, etc.)

You can also export your timeline for additional processing or inclusion in external reports.

***

## Notes & Best Practices

* All timestamps are recorded in **UTC** to support correlation with other log sources
* Use consistent tags and metadata to streamline search and export
* Link people and hosts to ensure full traceability from action → target → impact
* Lock Evidence only after review - it cannot be edited or removed afterward

***

## Tier Availability

**Events Timeline** is available on **Pro Tier**.
