Introduction

A Timestamp is the field or part of a log that marks the time an event occurred. As such, I would consider it the most important of all the fields contained within that log. It’s also the field most likely to be read or interpreted incorrectly by an onlooker.

Working in IT Security for over a decade slowly made me realize that there’s no one-size-fits-all solution to streamline this concept. C-Level executives might prefer an Incident Report which contains the Local Time of events recording the attack, whereas an Incident Responder might think and investigate in UTC!

Audience

The intended audience includes, but is not limited to:

  1. SOC Analysts
  2. Incident Responders
  3. Digital Forensics Personnel
  4. IT Administrators

UTC vs GMT

GMT is a time zone and UTC is a time standard.

Coordinated Universal Time or UTC is the primary time standard by which the world regulates clocks and time. It’s immune to Daylight Saving Time. Simply put, you should be using UTC Timestamps as the de facto standard if you’re working with teams or computers spanning different Time Zones. With this blog, I’ve tried to put together a database of various Security Platforms and how they display Timestamps associated with Events, Alerts and other aspects.

Every platform has an associated child page which opens up as a panel. Please hover over them and click on Open.
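To make the UTC recommendation above concrete, here is an added example (not part of the original post or of any platform it covers) that normalises mixed-format timestamps to UTC before building a timeline. The source names, the per-source offset table and the sample events are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# Assumed per-source UTC offsets for sources that log wall-clock time with no
# zone information (hypothetical source name; record these at collection time).
SOURCE_OFFSETS = {"ad-blr": timedelta(hours=5, minutes=30)}

# Constructed sample events straddling the 2023-11-05 US Eastern fall-back
# (EDT -04:00 -> EST -05:00 at 06:00 UTC). (source, raw timestamp, message)
EVENTS = [
    ("fw-nyc", "2023-11-05T01:10:00-05:00", "outbound transfer"),
    ("fw-nyc", "2023-11-05T01:30:00-04:00", "vpn login"),
    ("edr", "1699163100", "process start"),
    ("ad-blr", "2023-11-05 11:20:00", "account unlock"),
]


def to_utc(source: str, raw: str) -> datetime:
    """Return an aware UTC datetime for one raw timestamp."""
    if raw.isdigit():  # Unix epoch seconds are already UTC-based
        return datetime.fromtimestamp(int(raw), tz=timezone.utc)
    parsed = datetime.fromisoformat(raw)
    if parsed.tzinfo is None:
        # Wall-clock time with no offset: refuse to guess the zone.
        if source not in SOURCE_OFFSETS:
            raise ValueError(f"no known UTC offset for source {source!r}")
        parsed = parsed.replace(tzinfo=timezone(SOURCE_OFFSETS[source]))
    return parsed.astimezone(timezone.utc)


def utc_timeline(events):
    """Sort events by their UTC instant; return (ISO 8601 'Z' string, message)."""
    rows = sorted((to_utc(src, raw), msg) for src, raw, msg in events)
    return [(ts.strftime("%Y-%m-%dT%H:%M:%SZ"), msg) for ts, msg in rows]


def wallclock_order(events, source):
    """Order one source's events by the local time an onlooker reads (the trap)."""
    rows = [(raw[:19], msg) for src, raw, msg in events if src == source]
    return [msg for _, msg in sorted(rows)]


if __name__ == "__main__":
    for ts, msg in utc_timeline(EVENTS):
        print(ts, msg)
```

Read by local wall-clock time, the two `fw-nyc` events appear in the reverse of the order in which they actually happened, because the clock moved back an hour between them; the UTC timeline keeps them in true order.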

The UTC Project

I will continue to add more information to this table based on further research and feedback!