NTP
Accurate, coordinated time must be maintained across the entire FortiSIEM cluster for correct system operation. For maximum control, security and reputability, synchronize all FortiSIEM nodes with a reliable, internal NTP system.
Organizations without an internal NTP solution may wish to make use of a public NTP service after validating it meets their requirements. One common example is the server pool hosted by https://www.pool.ntp.org.
All nodes in the FortiSIEM cluster should be set to UTC, and any local time variations accommodated by configuring the time zone offset on the node. FortiSIEM relies on coordinated UTC time on all nodes for log timestamp, ingestion and processing. Incorrect time settings on nodes may result in incorrect log timestamps, incorrect analytics results and unpredictable rule behavior.