User Guide: Universal Webhook Date/Time Processing for Security Alerts
Release: 1.4.0
Overview
This enhancement improves how the Bearing platform processes date and time information when security alerts are created through the Universal Webhook integration. Previously, alerts received from external security systems sometimes had incorrect or missing time information. The Carmichael release adds support for multiple date/time formats and ensures the detection time is captured correctly.
What Changed
Before: The Universal Webhook only supported one date/time format. Alerts from external systems using a different format had incorrect or missing event times.
After: The Universal Webhook now supports three datetime formats and correctly captures both the event time (when the security event occurred) and the detect time (when the alert was sent or detected).
Supported Date/Time Formats
External systems sending alerts via the Universal Webhook can now use any of the following formats:
| Format | Example |
|---|---|
| Standard (YYYY-MM-DD HH:MM:SS) | 2026-02-13 10:30:45 |
| ISO 8601 with milliseconds (…Z) | 2026-02-13T10:30:45.123Z |
| ISO 8601 with microseconds | 2026-02-13T10:30:45.123456 |
For SOC Operators: What This Means for You
No action is required on your part. Alerts created through the Universal Webhook will now display accurate event times and detect times. If you previously noticed alerts with incorrect timestamps, this issue is resolved in the Carmichael release.
When viewing an alert record, you will see:
- Event Time: The date and time the security event occurred (as reported by the external system)
- Detect Time: The date and time the alert was detected or sent by the external system
For Administrators: Webhook Configuration
Your external security systems do not need to change their date/time format; all three formats listed above are accepted automatically.
If your external system sends a detect_time value in the webhook payload, the system will now capture and store it on the alert record. If no detect_time is provided, the system records the time the alert was received.
Note: For specific integration setup or testing of the Universal Webhook endpoint, contact your ServiceNow administrator or refer to your integration documentation.
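A sender-side pre-flight check for the three accepted formats and the detect_time fallback described above. This is an added example, not Bearing platform code; the `event_time` field name, the function names, and rejecting unsupported strings with an error are assumptions, and values without a `Z` are left without a time zone because the guide does not state one.

```python
import re
from datetime import datetime, timezone

DATE = r"[0-9]{4}-[0-9]{2}-[0-9]{2}"
TIME = r"[0-9]{2}:[0-9]{2}:[0-9]{2}"
# (label, exact shape, strptime pattern) for the three formats in the guide.
# The regex pins the fraction length because %f alone accepts 1 to 6 digits,
# and [0-9] (not \d) keeps non-ASCII digits out.
FORMATS = [
    ("standard", re.compile(DATE + " " + TIME), "%Y-%m-%d %H:%M:%S"),
    ("iso8601_ms_z", re.compile(DATE + "T" + TIME + r"\.[0-9]{3}Z"), "%Y-%m-%dT%H:%M:%S.%fZ"),
    ("iso8601_us", re.compile(DATE + "T" + TIME + r"\.[0-9]{6}"), "%Y-%m-%dT%H:%M:%S.%f"),
]

def parse_webhook_time(value):
    """Return (datetime, format_label); raise ValueError for anything else."""
    if not isinstance(value, str):
        raise ValueError(f"timestamp must be a string, got {type(value).__name__}")
    for label, shape, pattern in FORMATS:
        if shape.fullmatch(value):
            parsed = datetime.strptime(value, pattern)  # also rejects month 13, hour 25
            if value.endswith("Z"):
                parsed = parsed.replace(tzinfo=timezone.utc)  # Z means UTC
            return parsed, label
    raise ValueError(f"unsupported date/time format: {value!r}")

def resolve_times(payload, received_at):
    """Event time comes from the payload; detect time falls back to receipt time."""
    event_time, event_format = parse_webhook_time(payload.get("event_time"))  # assumed field name
    raw_detect = payload.get("detect_time")
    if raw_detect is None:
        detect_time, source = received_at, "received"
    else:
        detect_time, source = parse_webhook_time(raw_detect)[0], "payload"
    return {"event_time": event_time, "event_format": event_format,
            "detect_time": detect_time, "detect_time_source": source}

if __name__ == "__main__":
    # Constructed sample payloads, not captured traffic.
    received = datetime(2026, 2, 13, 10, 31, 0, tzinfo=timezone.utc)
    samples = [
        {"event_time": "2026-02-13 10:30:45"},
        {"event_time": "2026-02-13T10:30:45.123Z", "detect_time": "2026-02-13T10:30:50.000Z"},
        {"event_time": "13/02/2026 10:30"},
    ]
    for sample in samples:
        try:
            print(resolve_times(sample, received))
        except ValueError as err:
            print("rejected:", err)
```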