# Events Timeline

**Example URL:** <https://pentest.ws/e/{engagement.id}/events>

<figure><img src="https://pentestws.wordpress.com/wp-content/uploads/2025/05/image-3.png?w=1024" alt=""><figcaption><p><em>Events list showing both social engineering logs and technical commands. All data shown is fictitious.</em></p></figcaption></figure>

The **Events** system in PenTest.WS provides a structured, timestamped log of your operational activity, from reconnaissance and exploitation to social engineering and post-exploitation actions. Events are searchable, flexible, and evidence-ready, making them essential for timeline analysis and reporting.

## Overview

Each event in PenTest.WS includes:

* **Timestamp** (UTC)
* **Title** or summary (e.g., `Phish: Email to Jane Doe`)
* **Command** (for technical actions like `smbclient`, `nmap`, etc.)
* **Person** or **host** references
* **Details** – one or more rich-text summary blocks
* **Meta Data** – freeform key-value pairs
* **Evidence Locking** – make entries immutable when needed

## Creating & Editing Events

<figure><img src="https://1013683115-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FHecEAvxd6Z8cSug6DhWr%2Fuploads%2FhTyKHij8NgvQvwuzUBMG%2Fimage.png?alt=media&#x26;token=ed635671-207d-4ca5-b51b-27f808a5d3b9" alt=""><figcaption><p><em>Edit Event view with capacity for multiple rich text notes and editable key-value metadata.</em></p></figcaption></figure>

You can create events manually or let the platform do it for you:

* **Manual Entry**: Click **Add Event** and fill in the form fields.
* **Auto-Generated Events**: When you click **Copy Command** in Hosts or Services, a corresponding event is created automatically.
* **People Events**: On the People page, you can quickly log a phishing, vishing, or smishing attempt using shortcut buttons.

***

## Evidence Locking

When an event is finalized and used as part of a finding or timeline, you can **mark it as Evidence** by clicking the lock icon.

* Evidence entries become **read-only and undeletable**
* Ensures data integrity for reporting, audits, or peer review
* Timestamp and author information is preserved

***

## Filtering & Sorting

The Events view allows filtering by:

* **Keyword** in title or summary
* **Time (Newest/Oldest)**
* **Type** (e.g. Command, Vishing, Phishing, etc.)

You can also export your timeline for additional processing or inclusion in external reports.

***

## Notes & Best Practices

* All timestamps are recorded in **UTC** to support correlation with other log sources
* Use consistent tags and metadata to streamline search and export
* Link people and hosts to ensure full traceability from action → target → impact
* Lock Evidence only after review - it cannot be edited or removed afterward

***

## Tier Availability

**Events Timeline** is available on **Pro Tier**.