menu_book Data Type

Infection Timeline

Also known as: Infection date, Compromise timeline

An infection timeline is the chronological record of when a device was compromised and when its data was harvested, derived from infostealer log metadata. It helps responders scope exposure — what credentials were valid at the time and what to reset.

What is an infection timeline?

Stealer logs typically carry metadata indicating when the infection and data collection occurred. Reconstructing this timeline shows how long a device was compromised and which credentials and sessions were captured at that point.

Why the timeline matters

Knowing the infection date lets responders determine which credentials were active, whether subsequent password changes already mitigated the exposure, and how urgently to act — turning a raw log into an actionable response plan.

How VantaPrism Tracks Infection Timeline

VantaPrism exposes infection-date metadata for each log, so analysts can scope exposure precisely and prioritise remediation based on what was valid at the time of compromise.

Check Your Exposure arrow_forward

Frequently Asked Questions

Why does the infection date matter?

expand_more

It tells responders which credentials and sessions were valid at the time of compromise, helping them decide what still needs resetting and how urgently.

Related Terms

Stealer Logs arrow_outward

A stealer log is the package of data exfiltrated from a single device by infostealer malware. It typically contains s…

Compromised Credentials arrow_outward

Compromised credentials are usernames and passwords that have been exposed to unauthorized parties — frequently throu…

Session Cookie arrow_outward

A session cookie is a token a website stores in the browser to keep a user logged in after authentication. Stolen ses…

Threat Intelligence arrow_outward

Threat intelligence is evidence-based knowledge about threats — actors, tactics, and indicators — used to inform defe…

← All Glossary Terms Last reviewed: June 2026