The pivot from third party applications like Palo Alto and Splunk is adjusted if the timezone for the browser is different than the sensor. If the sensor is in California and the user is in New York, the timezone will be set to Eastern Time but the data is in Pacific Time. This can be disabled so that no adjustment is made.
This is a bug in the current release. The tz variable is set to true when it should be false.
The easiest way to resolve this issue is to update to Security Analytics version 7.1.6 or greater. In 7.1.6, the timezone adjustment is ignored.
If you are running versions prior to 7.1.6, you can make the modification manually.
1. Login as root on the sensor and edit the file /gui/dsweb/View/DeepseeReports/index.ctp.
2. Find the line with "var addTz = true;”. It is on line 44 in the lab sensor.
3. Change the true to false.
4. Save the change.
No service restart is necessary.
Test the pivot with the third party application.