Hello Guys,

When we do our invest, we logs collected logs, but when we collect it, for each logs we write down the 1st Event and Last Event in the collected logs. Which is obviously usefull.

It will be nice to be able to log it in the collected things and have it exported in the report.

bye.

Hi @Th4nat0s

We'll probably soon add the evidence type feature in Evidences. This is maybe something we can add. In the meantime, the custom attributes can be used to do so and extend the Evidence objects: https://docs.dfir-iris.org/operations/custom_attributes/

Cheers