ProTip for SIEM: Incorrect timestamps from source events cause unreliable or failed correlation

Version 1

    Source log events with incorrect timestamps can cause correlation to fail. Specifically, correlation rules might fail to trigger, trigger when they should not, or produce unpredictable results if the source events have incorrect timestamps. For more information on this issue and its solution, see KB85600.