Current ThreatQ Version Filter
 

Date and Time Stamps in ThreatQ

ThreatQ provides date and time stamps for threat intelligence, so that you can track the flow of data in the platform.  The following table provides an overview of what these various stamps indicate in the ThreatQ platform.

By default, ThreatQ displays times in Greenwich Mean Time (GMT) including the abbreviation for the timezone. However, users can customize the date/time stamp display by selecting a different timezone. Regardless of the timezone selected, the full timezone is displayed in a hover tooltip in the following format: Country/Major City, Timezone Abbreviation, (UTC+/-hh:mm)

The system and user-level timezone settings only affect the display of timestamps in the user interface and PDFs. ThreatQ continues to store timestamps in UTC and share UTC timestamps with resources such as ThreatQ Data Exchange (TQX), ThreatQ TDR Orchestrator (TQO), exports, and TAXII.)

ThreatQ UI Date and Time Stamps

Date and Time Stamp Definition
(Date) Created This indicates the date when the object was added to ThreatQ.
Due Date The due date set by the user for a task.

See the Tasks topic for more details.
Expiration Date This is the expiration date for a system object.
See the Indicator Expiration and Automatic Expiration topics for more details.
First Published Varies, depending on the object source:

  • If the source doesn't contain a publication date, this date indicates the first time the object is imported into ThreatQ. In this case, the created and first published dates will match.

  • If the source contains a publication date, this date indicates the first time the object was published by the feed.
Last Modified The date and time when object-specific information was last updated, such as updating an indicator’s status. 
Source Ingest Time The date and time that an object was initially reported by a source.

ThreatQ TDR Orchestrator Date and Time Stamps

  • Any feed (primary, supplemental, action) with its own timestamp_format/timezone configuration uses that configuration regardless of other configurations.
  • If an action feed does not have a timestamp_format/timezone configuration, it uses the configuration from the primary feed.
  • If a supplemental feed does not have a timestamp_format/timezone configuration, it uses the configuration from the primary feed. If an action calls a supplemental feed, that supplemental feed still inherits from the primary feed and not the action.
  • If a primary feed does not have a timestamp_format configuration, it defaults to YYYY-MM-DD HH:mm:ssZZ where the default timezone is UTC.

ThreatQ provides date and time stamps for threat intelligence, so that you can track the flow of data in the platform.  The following table provides an overview of what these various stamps indicate in the ThreatQ platform.

ThreatQ displays times in the system's timezone including the abbreviation for the timezone.  The full timezone is displayed in a hover tooltip in the following format: Country/Major City, Timezone Abbreviation, (UTC+/-hh:mm)

ThreatQ UI Date and Time Stamps

Date and Time Stamp Definition
(Date) Created This indicates the date when the object was added to ThreatQ.
Due Date The due date set by the user for a task.

See the Tasks topic for more details.
Expiration Date This is the expiration date for a system object.
See the Indicator Expiration and Automatic Expiration topics for more details.
First Published Varies, depending on the object source:

  • If the source doesn't contain a publication date, this date indicates the first time the object is imported into ThreatQ. In this case, the created and first published dates will match.

  • If the source contains a publication date, this date indicates the first time the object was published by the feed.
Last Modified The date and time when object-specific information was last updated, such as updating an indicator’s status. 
Source Ingest Time The date and time that an object was initially reported by a source.

ThreatQ TDR Orchestrator Date and Time Stamps

  • Any feed (primary, supplemental, action) with its own timestamp_format/timezone configuration uses that configuration regardless of other configurations.
  • If an action feed does not have a timestamp_format/timezone configuration, it uses the configuration from the primary feed.
  • If a supplemental feed does not have a timestamp_format/timezone configuration, it uses the configuration from the primary feed. If an action calls a supplemental feed, that supplemental feed still inherits from the primary feed and not the action.
  • If a primary feed does not have a timestamp_format configuration, it defaults to YYYY-MM-DD HH:mm:ssZZ where the default timezone is UTC.