Events Timeline
Example URL: https://pentest.ws/e/{engagement.id}/events
The Events system in PenTest.WS provides a structured, timestamped log of your operational activity, from reconnaissance and exploitation to social engineering and post-exploitation actions. Events are searchable, flexible, and evidence-ready, making them essential for timeline analysis and reporting.
Overview
Each event in PenTest.WS includes:
Timestamp (UTC)
Title or summary (e.g.,
Phish: Email to Jane Doe)Command (for technical actions like
smbclient,nmap, etc.)Person or host references
Details – one or more rich-text summary blocks
Meta Data – freeform key-value pairs
Evidence Locking – make entries immutable when needed
Creating & Editing Events
You can create events manually or let the platform do it for you:
Manual Entry: Click Add Event and fill in the form fields.
Auto-Generated Events: When you click Copy Command in Hosts or Services, a corresponding event is created automatically.
People Events: On the People page, you can quickly log a phishing, vishing, or smishing attempt using shortcut buttons.
Evidence Locking
When an event is finalized and used as part of a finding or timeline, you can mark it as Evidence by clicking the lock icon.
Evidence entries become read-only and undeletable
Ensures data integrity for reporting, audits, or peer review
Timestamp and author information is preserved
Filtering & Sorting
The Events view allows filtering by:
Keyword in title or summary
Time (Newest/Oldest)
Type (e.g. Command, Vishing, Phishing, etc.)
You can also export your timeline for additional processing or inclusion in external reports.
Notes & Best Practices
All timestamps are recorded in UTC to support correlation with other log sources
Use consistent tags and metadata to streamline search and export
Link people and hosts to ensure full traceability from action → target → impact
Lock Evidence only after review - it cannot be edited or removed afterward
Tier Availability
Events Timeline is available on Pro Tier.
Last updated