one of the challenges of forensic analysis is, as soon as you change your view from offense search to log activity, you loose your offense context and start your search query from scratch. While both user interfaces give you many options to query for more related infos, you may look for an option to combine your custom search with offense data context out of the box. Now there is a solution available - its called Analyst Custom Search. Its available in the App Exchange. Once installed its offering 8 additional out-of-the box searches as soon as you open your offense summary

The default searches offer very different views at offense related data. For example you can ask for x-force information as well as for events coming from the same source ip address. Screenshot picture is showing the result from analyst default search for related events after offense start for the next 15min

the searches can be modified in the admin menu and adopted to your needs. One of the searches available is showing the meta events triggered by the same rule. However one of my favourite log activity searches is the one for meta events generated by the custom rule engine. For my analyst custom search shown below I have chosen a tuned version of the meta event search looking for all meta events triggered by the same source ip address in the last two hours.

the admin menu gives you unlimited options for configuring your analyst custom search to your needs. If you want to modify an existing search or create your own custom search, you need to drill down for the config menu at the very bottom and either modify an existing search or create your own analyst custom search. For immediate validation of your AQL code please check it first using the validate button before saving. An optional tag may help you to identify your custom search. Once saved your custom search will show up in the related offense context.