Alerts don't match time on server

Running Wazuh 7.10.02. Host, Wazuh, and Kibana show the right time, but when I get the alerts in my email, the body of the email shows the wrong time. Setup is all on the same server. All systems are in the same office/time zone.

Welcome @nwenner76 !

Just to make sure we're on the same page - there are several time fields we store. What are you considering as the "right" time? We have @timestamp, event.ingested and also allow users to specify what field they want used as timestamp in timestamp override.

Hopefully with a bit more information as to what fields you're looking at we can help get to the bottom of it :)

Best,
Yara

Can you share the time that you expected to receive and the time in the e-mail generated by the alert?

What is the difference between them? Is it the same as the difference between your timezone and UTC?

In Elasticsearch all date-time values are stored as UTC and, if I'm not wrong, currently the alerts populate the messages using the UTC time; they will not convert it to your timezone as Kibana does.

At least this is the behavior that I have in my alerts: the date-times are always in UTC, so an alert received at 07:30 in my timezone will appear as 10:30, as I'm in UTC-3.

I think your issue is the same as the one in this post.
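The two things the reply above asks for, checking whether the gap between the e-mail time and the expected time is exactly your UTC offset, and converting the stored UTC value to local time the way Kibana does, as an added Python example that is not from this thread, Elastic or Wazuh; the sample `@timestamp` and the UTC-3 offset are constructed.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: an alert @timestamp exactly as Elasticsearch stores it
# (UTC, ISO 8601, trailing 'Z'); the alert e-mail body prints this value as-is.
SAMPLE_TIMESTAMP = "2021-03-15T10:30:00.000Z"


def parse_es_timestamp(value: str) -> datetime:
    """Parse an Elasticsearch date string into an aware datetime normalised to UTC."""
    if value.endswith("Z"):                 # fromisoformat() rejects 'Z' before Python 3.11
        value = value[:-1] + "+00:00"
    dt = datetime.fromisoformat(value)
    if dt.tzinfo is None:                   # no offset in the string: ES treats it as UTC
        dt = dt.replace(tzinfo=timezone.utc)
    return dt.astimezone(timezone.utc)


def to_local(value: str, utc_offset_hours: float) -> str:
    """Render the stored UTC time in the reader's zone (what Kibana's UI does for you)."""
    local_tz = timezone(timedelta(hours=utc_offset_hours))
    return parse_es_timestamp(value).astimezone(local_tz).strftime("%Y-%m-%d %H:%M:%S %z")


def gap_is_just_utc_offset(email_time: str, expected_local: str, utc_offset_hours: float) -> bool:
    """True when the e-mail time and the time you expected differ by exactly your UTC
    offset, i.e. the e-mail is showing UTC rather than reporting a wrong clock."""
    local_tz = timezone(timedelta(hours=utc_offset_hours))
    shown = parse_es_timestamp(email_time)
    expected = datetime.fromisoformat(expected_local).replace(tzinfo=local_tz)
    return shown == expected.astimezone(timezone.utc)


if __name__ == "__main__":
    # Reader in UTC-3 expected 07:30 and the e-mail says 10:30: same instant, just UTC.
    print(to_local(SAMPLE_TIMESTAMP, -3))                                          # 2021-03-15 07:30:00 -0300
    print(gap_is_just_utc_offset(SAMPLE_TIMESTAMP, "2021-03-15T07:30:00", -3))      # True
```

If the check returns False, the discrepancy is not the UTC display and a real clock or field mismatch (e.g. `@timestamp` vs `event.ingested`) is worth looking at instead.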
