Help
FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
FortiKoala
Staff
Staff

Created on ‎03-01-2019 09:11 AM

Article Id 190325

Technical Note: ZoneFox 3 - Event timestamp does not match the timestamp when an alert is fired

Description

Event timestamp does not match the timestamp when an alert is fired


Scope

FAQ


Solution

Problem

I have alerts getting fired, but the timestamp on the events don't always correspond to when the alert gets fired.


For example, when I search for an alert being triggered between 6pm and midnight on 27th February, the alert details show an event that happened around 1:45pm:



Solution

The alert is showing the correct information.


This happens when an agent has been offline and not able to stream event data to ZoneFox, for example a laptop has been off the network, so event data has been stored locally in the agents offline database.  When the agent has come online again, e.g. the laptop is back on the network, the event data has been uploaded to the ZoneFox server - and where applicable, an alert has been triggered at that time.  Hence events from an earlier date or time can be listed for an alert being triggered at a later time.

The agent is designed to store data when offline, so no events are ever lost.



Labels:
280
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.