On the Alert page in Security Analytics, there are several fields, including one called Last Event Time. In SA, it may be difficult to correlate the Last Event Time with the actual alert, especially when the Last Event Time appears to have a more recent date than the Initial Alert Time. In the screenshot below, the Initial Alert Time and Last Event Time are the same.
Release 8.2.7 and earlier
This bug is normally more evident in a Central Manager setup. There is a potential problem where, even though the Initial Alert Time is static, the CMC keeps getting updates, leading the user to believe that this alert is continuing to occur.
This will be resolved in SA version 8.2.8. Until then, the Last Event Time can be ignored. The Initial Alert Time is accurate and can be trusted.