Sascha
cyb3rb3ar.bsky.social
Blue turned Red turned Purple Teamer. Head in the clouds. Detection Engineering, DFIR, Deception. Ex-SANS Instructor.
@cyb3rb3ar@infosec.exchange
Reposted by Sascha
Today, in #UTCorGTFO news:
Pro tip: set your logs to be all UTC. This will save your forensic analyst (who bills by the hour) the trouble of having to convert timestamps (and even figuring out which timestamps are in which TZ).

It also keeps them ordered correctly when forwarded to a SIEM, especially from multiple TZs.
February 23, 2025 at 7:12 PM
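
An added illustration of the ordering point in the post above (not part of the post): three hosts log naive local time, and sorting the lines as received reverses the true sequence until each timestamp is normalized to UTC. Host names, offsets and log lines are constructed for the example.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: hosts that log local time with no offset in the line.
# The per-host offsets are what the analyst would otherwise have to find out.
HOST_UTC_OFFSET_HOURS = {"web-nyc": -5, "db-fra": 1, "vpn-syd": 11}

RAW_LINES = [
    "2025-02-23 14:05:10 web-nyc login success user=alice",
    "2025-02-23 20:04:58 db-fra query from web-nyc",
    "2025-02-24 06:04:30 vpn-syd vpn session opened user=alice",
]


def parse(line):
    """Split a line into (naive local datetime, host, message)."""
    date, clock, host, message = line.split(" ", 3)
    local = datetime.strptime(f"{date} {clock}", "%Y-%m-%d %H:%M:%S")
    return local, host, message


def normalize(line):
    """Rewrite the line with an ISO 8601 UTC timestamp (trailing Z)."""
    local, host, message = parse(line)
    offset = timezone(timedelta(hours=HOST_UTC_OFFSET_HOURS[host]))
    utc = local.replace(tzinfo=offset).astimezone(timezone.utc)
    return f"{utc.strftime('%Y-%m-%dT%H:%M:%SZ')} {host} {message}"


def order_as_received(lines):
    """Host order when the raw local-time lines are sorted as text."""
    return [parse(line)[1] for line in sorted(lines)]


def order_after_utc(lines):
    """Host order once every line carries a UTC timestamp."""
    return [line.split(" ")[1] for line in sorted(normalize(x) for x in lines)]


if __name__ == "__main__":
    print("raw sort :", order_as_received(RAW_LINES))
    print("UTC sort :", order_after_utc(RAW_LINES))
    for line in sorted(normalize(x) for x in RAW_LINES):
        print(line)
```
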