
(deprecated) Timeline


We are retiring and replacing this timeline with a new timeline as a part of the Passive DNS feature. For more information on the new timeline, see Passive DNS Timeline. To learn more about passive DNS, see Passive DNS.

The Timeline section displays a timeline chart showing when a domain, IP or URL was attributed a particular security categorization or threat type (indicators of compromise). It also shows when the attribution changed, whether that’s an added attribution, a subtracted attribution, or an attribution that's been re-added later. This can be used to determine whether a blocked domain, IP or URL is a newly discovered threat or has been blocked for a long period of time.

Timeline example for verify-goole.com—A Threat

Timeline example for cisco.com—Not a Threat

Domains, IPs or URLs are often flagged as malicious in our research, but the site owner takes time to patch the server and remove any exploits or malware being hosted. The categorization is then updated on our end, and the /timeline/ endpoint reflects the change.

Note: While we have made a best effort to reconstruct the past timeline of events, categorization information for indicators of compromise prior to August 2017 may be inaccurate.

Timeline Details

  • Current Categorization—The Umbrella security category, if any.
  • First Queried—The first time that Umbrella saw this domain being queried, in epoch time. This time only applies to new domains, which are defined as domains first queried some time after we started tracking its availability.
  • Last Updated—Date the record was last updated.
  • Expires—The date the record expires.
  • Registered—Date the domain was registered.
  • Content Categories—The Umbrella content category, if any.

Categories Changed, Added and Removed

Malicious domains (those that pose a security threat) are displayed in red and include informational tags across the timeline to help you determine when changes occurred, giving you a historical record of activity. For example, if a domain was hosting malware, was then found to be cleaned, and was later found to be hosting malware again, you will have a historical record of the tagging for this activity.

Hover your mouse over an icon to access information.

Categories Added shows you when and where on the timeline the categorization of the domain occurred.

You can also see when a categorization was removed for the domain.
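
The added, removed and re-added markers described above can be reproduced by diffing a series of category snapshots. This is an added example, not Umbrella's code: the snapshot shape (`timestamp` in epoch milliseconds, `categories`) and the function names are assumptions, and the sample data is constructed.

```python
from datetime import datetime, timezone

# Constructed sample: category snapshots, oldest first. The field names
# ("timestamp" in epoch milliseconds, "categories") are assumptions made for
# this example, not a documented response schema.
SAMPLE_TIMELINE = [
    {"timestamp": 1504224000000, "categories": ["Malware"]},
    {"timestamp": 1509494400000, "categories": []},
    {"timestamp": 1514764800000, "categories": ["Malware", "Phishing"]},
]


def category_events(snapshots):
    """Diff consecutive snapshots into added / removed / re-added events."""
    events, previous, seen = [], set(), set()
    for snap in sorted(snapshots, key=lambda s: s["timestamp"]):
        current = set(snap["categories"])
        when = datetime.fromtimestamp(snap["timestamp"] / 1000, tz=timezone.utc)
        for cat in sorted(current - previous):
            # A category that was attributed before, dropped, and is back again.
            kind = "re-added" if cat in seen else "added"
            events.append((when, kind, cat))
        for cat in sorted(previous - current):
            events.append((when, "removed", cat))
        seen |= current
        previous = current
    return events


def current_block_age_days(snapshots, now):
    """Days since the current unbroken run of security categories began.

    Returns None when the newest snapshot carries no security category.
    """
    ordered = sorted(snapshots, key=lambda s: s["timestamp"])
    if not ordered or not ordered[-1]["categories"]:
        return None
    start = ordered[-1]["timestamp"]
    for snap in reversed(ordered):
        if not snap["categories"]:
            break
        start = snap["timestamp"]
    started = datetime.fromtimestamp(start / 1000, tz=timezone.utc)
    return (now - started).days


if __name__ == "__main__":
    for when, kind, cat in category_events(SAMPLE_TIMELINE):
        print(f"{when:%Y-%m-%d} {kind:9} {cat}")
```

A small age from `current_block_age_days` points to a newly discovered (or newly re-flagged) threat, while a large one means the indicator has been blocked continuously for a long time.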

