[Splunk] Take into account the timestamp timezone

Open Tonnulus opened this issue 3 years ago • 1 comments

Use case

When I export data from OpenCTI to Splunk, all my events are 2 hours late, because all my servers run in UTC+2, including my OpenCTI server. But OpenCTI uses the UTC time zone. I didn't find any way to configure the time zone. Is it possible to add this feature?

Current Workaround

None

Proposed Solution

Add a time zone configuration option.

Tonnulus, Jul 11 '22 07:07

Hello,

OpenCTI dates are stored in the ISO format that actually includes the timezone. It may be linked to the Splunk connector that is not taking into account the full timestamp. I will check how we can fix this.

Kind regards, Samuel

SamuelHassine, Jul 12 '22 15:07
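
The failure mode suggested in the reply, as an added example that is not part of the issue thread or of the OpenCTI connector code: an ISO 8601 timestamp whose zone designator is dropped gets read as local wall-clock time by a UTC+2 receiver, shifting the event by two hours, while converting to epoch seconds first keeps the instant fixed. The sample timestamp and all function names are constructed for illustration; the UTC+2 receiver is taken from the report.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample value: an ISO 8601 timestamp in UTC with a "Z" designator.
SAMPLE_CREATED_AT = "2022-07-11T07:07:00.000Z"


def parse_iso_utc(ts: str) -> datetime:
    """Parse an ISO 8601 timestamp, honour its offset, refuse naive values."""
    # datetime.fromisoformat() only accepts a trailing "Z" from Python 3.11 on.
    if ts.endswith(("Z", "z")):
        ts = ts[:-1] + "+00:00"
    dt = datetime.fromisoformat(ts)
    if dt.tzinfo is None:
        # A timestamp without a designator is ambiguous; do not guess a zone.
        raise ValueError(f"timestamp has no timezone designator: {ts!r}")
    return dt.astimezone(timezone.utc)


def to_epoch(ts: str) -> float:
    """Epoch seconds: the same value whatever zone sender or receiver runs in."""
    return parse_iso_utc(ts).timestamp()


def epoch_if_offset_ignored(ts: str, receiver_offset_hours: int) -> float:
    """Reproduce the suspected defect: the designator is dropped and the
    wall-clock text is interpreted in the receiver's local zone."""
    wall_clock = datetime.fromisoformat(ts[:19])  # "YYYY-MM-DDTHH:MM:SS" only
    local = timezone(timedelta(hours=receiver_offset_hours))
    return wall_clock.replace(tzinfo=local).timestamp()


def skew_seconds(ts: str, receiver_offset_hours: int) -> float:
    """Difference between the true instant and the misread one."""
    return to_epoch(ts) - epoch_if_offset_ignored(ts, receiver_offset_hours)


if __name__ == "__main__":
    print("true epoch      :", to_epoch(SAMPLE_CREATED_AT))
    print("offset ignored  :", epoch_if_offset_ignored(SAMPLE_CREATED_AT, 2))
    print("skew in seconds :", skew_seconds(SAMPLE_CREATED_AT, 2))
```

A two-hour skew of this kind matters when threat-intelligence events are correlated against other log sources by time window, since matches near the window edge are silently missed.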