Key Events

Cado parses events from evidence items. These events may have times associated with them. They may also be tagged as Alarm, which indicates a high likelihood of malicious activity, or Suspicious, which indicates a lower likelihood of malicious activity.

The Key Events tab contains all timeline events tagged as Alarm or Suspicious, whereas the Alarms and Suspicous tabs contains only events tagged as Alarm and Suspicious respectively

Each key timeline event shows why Cado Response has tagged that event as an Alarm or Suspicious