It is usually best practice to have logs set in UTC. Currently ThreatSTOP will also delay parsing of logs until they hit the correct UTC time, so if your local time is in the future, you may have alerts and reporting delayed by several hours, UTC should be the default on any TSCM, but to do it on a Ubuntu based BIND server simply run the command:
sudo timedatectl set-timezone UTC
The exception to this is logs from an AD server and DNS Defense Cloud devices.
This is important for all IP and DNS defense devices.
Comments