Skip to content

Improve log timestamp normalization gates#1423

Open
MAUROCERON wants to merge 1 commit into
UnitOneAI:mainfrom
MAUROCERON:improve/log-timestamp-normalization-1422
Open

Improve log timestamp normalization gates#1423
MAUROCERON wants to merge 1 commit into
UnitOneAI:mainfrom
MAUROCERON:improve/log-timestamp-normalization-1422

Conversation

@MAUROCERON
Copy link
Copy Markdown

@MAUROCERON MAUROCERON commented Jun 6, 2026

Implements #1422.

Summary

  • Adds a timestamp normalization and clock-skew evidence gate before log correlation.
  • Adds a required Timestamp Normalization Matrix to the report output so event time, ingestion/index time, parser selection, timezone, and skew confidence are documented.
  • Adds edge-case fixtures for Windows local time ambiguity, CloudTrail ingestion delay, Sysmon clock skew, Linux auth timestamp gaps, parser mapping mistakes, and a complete normalized timeline.

Validation

  • Verified Markdown fence balance for the updated skill and new fixture.
  • Verified required markers for event time, ingestion/index time, clock-skew evidence, parser timestamp fields, Not Evaluable decisions, CloudTrail, Sysmon, and Linux auth logs.
  • Verified new reference URLs with live checks: AWS 200, Splunk 200 via curl, Elastic 200.
  • Verified no private payment details are present in the workspace.

Payment details can be provided privately after maintainer acceptance.

@MAUROCERON MAUROCERON mentioned this pull request Jun 6, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@MAUROCERON