GIM Category: system_time
The System Time category captures events where the system clock is modified, either manually or automatically. System time integrity is critical for maintaining reliable event sequencing and forensic accuracy. Changes to the system clock may occur through legitimate synchronization mechanisms (such as NTP or domain time sync) or as the result of administrative action or malicious tampering.
time_change
Events that record changes to the system clock, whether performed manually by a user or automatically by synchronization services such as NTP or domain time synchronization. Monitoring these changes is essential for maintaining forensic integrity and ensuring accurate event correlation.
Required Fields
sourceuser_name
| gim_event_type_code | gim_event_class | gim_event_category | gim_event_subcategory | gim_event_type | description |
|---|---|---|---|---|---|
|
260000 |
system_time |
system_time.time_change |
system time changed |
The system clock was changed, either manually by a user or automatically by a synchronization service. |
default
System time messages
Required Fields
sourceuser_name
| gim_event_type_code | gim_event_class | gim_event_category | gim_event_subcategory | gim_event_type | description |
|---|---|---|---|---|---|
|
269999 |
system_time |
system_time.default |
system time event |
Message related to system_time |
