Forum Discussion
Threat Research: Cobalt Strike C2 – SIEM Analysis - Question 4
- 9 months ago
Hey folks, I consulted with a colleague who finished the lab and got the answer with their advice. Format of the answer is HH.MM.SS (periods instead of colons), and they used event.created field instead of @timestamp. Also gotta check timezones ;)
The wording of the question is a bit misleading here, may want to address that?
- BenMcCarthy 9 months ago
Immerser
Hi ColeS,
Thank you for sending your feedback! We have updated the task to ask for the event, created just as you pointed out! I have also chatted with the QA teams to ensure we are triple-checking for this type of error! I hope you enjoyed the lab, though :)
- ColeS 9 months ago
Bronze II
Was fun, thank you!
- CyberSharpe 9 months ago
Silver I
Had the same issue. HH.MM.SS I was going insane with it. However once I did the . . . . it auto adjusted my time to an hour before UTC time.
- KieranRowley 9 months ago
Community Manager
Thank you for the feedback, ColeS. I will pass it along to the lab author.