I wrote about the problem of delayed events in a previous post, so here the focus is on how to overcome that problem when writing a rule or a correlation search (CS). What’s the problem? Most, if not all, App/TA developers extract _time from the log generation time. And that’s the best practice since we…
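As an added illustration, not part of the original post: a Splunk search that measures the gap between an event's extracted _time (log generation time) and _indextime (the moment the indexer received it). That gap is what "delayed events" means in practice, and knowing its distribution per sourcetype is the first step before tuning any _time-bound rule. The index and sourcetype names are placeholders.

```spl
index=<your_index> sourcetype=<your_sourcetype> earliest=-24h
| eval index_lag_sec = _indextime - _time
| stats count, p50(index_lag_sec) AS p50_lag_sec, p95(index_lag_sec) AS p95_lag_sec, max(index_lag_sec) AS max_lag_sec BY sourcetype
| sort - p95_lag_sec
```

Events whose lag exceeds the time window a scheduled correlation search looks back over are exactly the ones that search never sees, so a sourcetype with a large p95_lag_sec is the one to examine first.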
