Session Timeline
Overview
Session Timeline shows a user’s activity sequence over a selected time or session-related period.
What this feature does
It helps reconstruct what a user did before and after a login or suspicious action.
Why it is useful
- It supports account compromise investigations.
- It helps understand event order.
- It connects authentication, views, and changes in a readable sequence.
Who should read this?
RISE Admin, Security Officer, Support Engineer.
Where to find it
Rise Audit Pro → Session Timeline.
How to use it
- Open Session Timeline.
- Select the user and date if required.
- Load the timeline.
- Review logins, views, and activity events in order.
- Open related logs for detailed evidence.
Example workflow
After a suspicious login, the security officer loads the user’s session timeline to see which records were viewed or changed.
Screenshot
Screenshot required
Capture from: Rise Audit Pro → Session Timeline
Capture from: Rise Audit Pro → Session Timeline
Common mistakes
- Reviewing isolated events without timeline context.
- Assuming a timeline includes unsupported third-party events.
- Not preserving exports or notes for serious investigations.
Related articles
- Investigating Suspicious Login Activity
- User Risk Scores
- Auth Log Overview
