Thanks for replying. I have a question based on the event time. My understanding is that event time is the timestamp which shows that the malicious activity was detected at that specific time, is that right?
Another question in this scenario
Event time: 7/8/2015 10:45:25
Start time: 3/6/2015 09:24:31
End time: 3/6/2015 09:24:31
In a different NTP log I can see that the start time and end time are the same (6th of March) but the event time shows a date of (8th of July). What exactly does it mean?
1. Is it that SEP did not detect it?
2. Or was the file quarantined for so long and detected only in July?
Thanks in advance
Dinesh