From da01542be05e759b0049375c0c25b0853346ee23 Mon Sep 17 00:00:00 2001 From: Laurence Jones Date: Thu, 2 Jan 2025 12:44:39 +0000 Subject: [PATCH] fix: tests y2k25 (#1211) * fix: tests y2k25 * prevent y2k26 --------- Co-authored-by: marco --- .tests/amavis-blocked/scenario.assert | 2 +- .tests/amavis-logs/parser.assert | 6 +- .tests/asterisk-syslogs/parser.assert | 74 ++++++++++++++++++--- .tests/charon-ipsec-bf/scenario.assert | 15 ++--- .tests/charon-ipsec-slow-bf/scenario.assert | 25 +++---- .tests/endlessh-logs/parser.assert | 8 +-- .tests/geoip-enrich/parser.assert | 16 ++--- .tests/pf-logs/parser.assert | 12 ++-- .tests/postfix-logs/parser.assert | 28 ++++---- .tests/postscreen-logs/parser.assert | 8 +-- .tests/pterodactyl-wings-bf/scenario.assert | 12 ++-- .tests/pterodactyl-wings/parser.assert | 64 +++++++++--------- .tests/ssh-timeout/scenario.assert | 16 ++--- 13 files changed, 169 insertions(+), 117 deletions(-)
diff --git a/.tests/amavis-blocked/scenario.assert b/.tests/amavis-blocked/scenario.assert
index 06b3606b682..8f5ce496a1a 100644
--- a/.tests/amavis-blocked/scenario.assert
+++ b/.tests/amavis-blocked/scenario.assert
@@ -12,7 +12,7 @@ results[0].Overflow.Alert.Events[0].GetMeta("log_type") == "amavis"
 results[0].Overflow.Alert.Events[0].GetMeta("machine") == "mrelmx42"
 results[0].Overflow.Alert.Events[0].GetMeta("service") == "amavis"
 results[0].Overflow.Alert.Events[0].GetMeta("source_ip") == "192.168.0.1"
-results[0].Overflow.Alert.Events[0].GetMeta("timestamp") == "2024-02-23T04:55:57Z"
+results[0].Overflow.Alert.Events[0].GetMeta("timestamp")[4:] == "-02-23T04:55:57Z"
 results[0].Overflow.Alert.GetScenario() == "crowdsecurity/amavis-blocked"
 results[0].Overflow.Alert.Remediation == true
 results[0].Overflow.Alert.GetEventsCount() == 1
diff --git a/.tests/amavis-logs/parser.assert b/.tests/amavis-logs/parser.assert
index 04de275dd79..b92dbc06bd7 100644
--- a/.tests/amavis-logs/parser.assert
+++ b/.tests/amavis-logs/parser.assert
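Review bot: Slicing with `[4:]` on the amavis-blocked `timestamp` assertion removes the year check entirely, so the assertion would also pass if the enricher assigned a year that is off by more than one, or emitted a differently shaped prefix; the test now only proves that the month-to-second part round-trips. If the goal is just to survive the year rollover of year-less syslog times (as the patch title suggests), keeping a length guard next to the slice, e.g. `len(results[0].Overflow.Alert.Events[0].GetMeta("timestamp")) == 20`, would still catch a malformed or truncated prefix. The same applies to every other timestamp/MarshaledTime hunk in this patch (amavis-logs, asterisk-syslogs, charon-ipsec-bf, charon-ipsec-slow-bf, endlessh-logs, geoip-enrich, pf-logs), where the expected length differs only for the endlessh values that carry microseconds.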
@@ -67,7 +67,7 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["log_type"]
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["machine"] == "mrelmx42"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["service"] == "amavis"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["source_ip"] == "192.168.0.1"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["timestamp"] == "2024-02-23T04:55:57Z"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Enriched["MarshaledTime"] == "2024-02-23T04:55:57Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["timestamp"][4:] == "-02-23T04:55:57Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Enriched["MarshaledTime"][4:] == "-02-23T04:55:57Z"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Whitelisted == false
-len(results["success"][""]) == 0
\ No newline at end of file
+len(results["success"][""]) == 0
diff --git a/.tests/asterisk-syslogs/parser.assert b/.tests/asterisk-syslogs/parser.assert
index 51441f725ce..03d47b93180 100644
--- a/.tests/asterisk-syslogs/parser.assert
+++ b/.tests/asterisk-syslogs/parser.assert
@@ -50,6 +50,16 @@ results["s00-raw"]["crowdsecurity/syslog-logs"][4].Evt.Meta["datasource_path"] =
 results["s00-raw"]["crowdsecurity/syslog-logs"][4].Evt.Meta["datasource_type"] == "file"
 results["s00-raw"]["crowdsecurity/syslog-logs"][4].Evt.Meta["machine"] == "alba"
 results["s00-raw"]["crowdsecurity/syslog-logs"][4].Evt.Whitelisted == false
+results["s00-raw"]["crowdsecurity/syslog-logs"][5].Success == true
+results["s00-raw"]["crowdsecurity/syslog-logs"][5].Evt.Parsed["logsource"] == "syslog"
+results["s00-raw"]["crowdsecurity/syslog-logs"][5].Evt.Parsed["message"] == "SECURITY[112882]: res_security_log.c:114 in security_event_stasis_cb: SecurityEvent=\"InvalidAccountID\",EventTV=\"2024-07-08T22:55:41.434-0600\",Severity=\"Error\",Service=\"PJSIP\",EventVersion=\"1\",AccountID=\"kiwi\",SessionID=\"a79da57d-7fc3-440c-aca8-72afcdb600b8\",LocalAddress=\"IPV4/TLS/192.168.100.62/5061\",RemoteAddress=\"IPV4/TLS/192.168.100.12/46417\""
+results["s00-raw"]["crowdsecurity/syslog-logs"][5].Evt.Parsed["pid"] == "112836"
+results["s00-raw"]["crowdsecurity/syslog-logs"][5].Evt.Parsed["program"] == "asterisk"
+results["s00-raw"]["crowdsecurity/syslog-logs"][5].Evt.Parsed["timestamp"] == "Jul 08 22:55:41"
+results["s00-raw"]["crowdsecurity/syslog-logs"][5].Evt.Meta["datasource_path"] == "asterisk-logs.log"
+results["s00-raw"]["crowdsecurity/syslog-logs"][5].Evt.Meta["datasource_type"] == "file"
+results["s00-raw"]["crowdsecurity/syslog-logs"][5].Evt.Meta["machine"] == "alba"
+results["s00-raw"]["crowdsecurity/syslog-logs"][5].Evt.Whitelisted == false
 len(results["s01-parse"]["crowdsecurity/asterisk-logs"]) == 6
 results["s01-parse"]["crowdsecurity/asterisk-logs"][0].Success == true
 results["s01-parse"]["crowdsecurity/asterisk-logs"][0].Evt.Parsed["asterisk_service"] == "PJSIP"
@@ -144,6 +154,29 @@ results["s01-parse"]["crowdsecurity/asterisk-logs"][4].Evt.Meta["session_id"] ==
 results["s01-parse"]["crowdsecurity/asterisk-logs"][4].Evt.Meta["source_ip"] == "192.168.100.12"
 results["s01-parse"]["crowdsecurity/asterisk-logs"][4].Evt.Meta["target_user"] == ""
 results["s01-parse"]["crowdsecurity/asterisk-logs"][4].Evt.Whitelisted == false
+results["s01-parse"]["crowdsecurity/asterisk-logs"][5].Success == true
+results["s01-parse"]["crowdsecurity/asterisk-logs"][5].Evt.Parsed["asterisk_service"] == "PJSIP"
+results["s01-parse"]["crowdsecurity/asterisk-logs"][5].Evt.Parsed["asterisk_session_id"] == "a79da57d-7fc3-440c-aca8-72afcdb600b8"
+results["s01-parse"]["crowdsecurity/asterisk-logs"][5].Evt.Parsed["event_timestamp"] == "2024-07-08T22:55:41.434-0600"
+results["s01-parse"]["crowdsecurity/asterisk-logs"][5].Evt.Parsed["logsource"] == "syslog"
+results["s01-parse"]["crowdsecurity/asterisk-logs"][5].Evt.Parsed["message"] == "SECURITY[112882]: res_security_log.c:114 in security_event_stasis_cb: SecurityEvent=\"InvalidAccountID\",EventTV=\"2024-07-08T22:55:41.434-0600\",Severity=\"Error\",Service=\"PJSIP\",EventVersion=\"1\",AccountID=\"kiwi\",SessionID=\"a79da57d-7fc3-440c-aca8-72afcdb600b8\",LocalAddress=\"IPV4/TLS/192.168.100.62/5061\",RemoteAddress=\"IPV4/TLS/192.168.100.12/46417\""
+results["s01-parse"]["crowdsecurity/asterisk-logs"][5].Evt.Parsed["pid"] == "112836"
+results["s01-parse"]["crowdsecurity/asterisk-logs"][5].Evt.Parsed["program"] == "asterisk"
+results["s01-parse"]["crowdsecurity/asterisk-logs"][5].Evt.Parsed["source_ip"] == "192.168.100.12"
+results["s01-parse"]["crowdsecurity/asterisk-logs"][5].Evt.Parsed["source_port"] == "46417"
+results["s01-parse"]["crowdsecurity/asterisk-logs"][5].Evt.Parsed["target_ip"] == "192.168.100.62"
+results["s01-parse"]["crowdsecurity/asterisk-logs"][5].Evt.Parsed["target_port"] == "5061"
+results["s01-parse"]["crowdsecurity/asterisk-logs"][5].Evt.Parsed["username"] == "kiwi"
+results["s01-parse"]["crowdsecurity/asterisk-logs"][5].Evt.Meta["asterisk_service"] == "PJSIP"
+results["s01-parse"]["crowdsecurity/asterisk-logs"][5].Evt.Meta["datasource_path"] == "asterisk-logs.log"
+results["s01-parse"]["crowdsecurity/asterisk-logs"][5].Evt.Meta["datasource_type"] == "file"
+results["s01-parse"]["crowdsecurity/asterisk-logs"][5].Evt.Meta["log_type"] == "asterisk_failed_auth"
+results["s01-parse"]["crowdsecurity/asterisk-logs"][5].Evt.Meta["machine"] == "alba"
+results["s01-parse"]["crowdsecurity/asterisk-logs"][5].Evt.Meta["service"] == "asterisk"
+results["s01-parse"]["crowdsecurity/asterisk-logs"][5].Evt.Meta["session_id"] == "a79da57d-7fc3-440c-aca8-72afcdb600b8"
+results["s01-parse"]["crowdsecurity/asterisk-logs"][5].Evt.Meta["source_ip"] == "192.168.100.12"
+results["s01-parse"]["crowdsecurity/asterisk-logs"][5].Evt.Meta["target_user"] == "kiwi"
+results["s01-parse"]["crowdsecurity/asterisk-logs"][5].Evt.Whitelisted == false
 len(results["s02-enrich"]["crowdsecurity/dateparse-enrich"]) == 5
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Success == true
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["asterisk_service"] == "PJSIP"
@@ -167,8 +200,8 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["service"] =
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["session_id"] == "9860f048-8b50-4c84-bd5e-4312b96b4e87"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["source_ip"] == "192.168.100.12"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["target_user"] == ""
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["timestamp"] == "2024-07-08T22:25:10Z"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Enriched["MarshaledTime"] == "2024-07-08T22:25:10Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["timestamp"][4:] == "-07-08T22:25:10Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Enriched["MarshaledTime"][4:] == "-07-08T22:25:10Z"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Whitelisted == false
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Success == true
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["asterisk_service"] == "PJSIP"
@@ -192,8 +225,8 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["service"] =
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["session_id"] == "a79da57d-7fc3-440c-aca8-72afcdb600b8"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["source_ip"] == "192.168.100.12"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["target_user"] == "kiwi"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["timestamp"] == "2024-07-08T22:55:41Z"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Enriched["MarshaledTime"] == "2024-07-08T22:55:41Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["timestamp"][4:] == "-07-08T22:55:41Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Enriched["MarshaledTime"][4:] == "-07-08T22:55:41Z"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Whitelisted == false
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Success == true
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["asterisk_service"] == "PJSIP"
@@ -217,8 +250,8 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["service"] =
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["session_id"] == "a79da57d-7fc3-440c-aca8-72afcdb600b8"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["source_ip"] == "192.168.100.12"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["target_user"] == "kiwi"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["timestamp"] == "2024-07-08T22:55:41Z"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Enriched["MarshaledTime"] == "2024-07-08T22:55:41Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["timestamp"][4:] == "-07-08T22:55:41Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Enriched["MarshaledTime"][4:] == "-07-08T22:55:41Z"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Whitelisted == false
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Success == true
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["asterisk_service"] == "PJSIP"
@@ -242,7 +275,32 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["service"] =
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["session_id"] == "a79da57d-7fc3-440c-aca8-72afcdb600b8"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["source_ip"] == "192.168.100.12"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["target_user"] == ""
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["timestamp"] == "2024-07-08T22:55:41Z"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Enriched["MarshaledTime"] == "2024-07-08T22:55:41Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["timestamp"][4:] == "-07-08T22:55:41Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Enriched["MarshaledTime"][4:] == "-07-08T22:55:41Z"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Whitelisted == false
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Success == true
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["asterisk_service"] == "PJSIP"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["asterisk_session_id"] == "a79da57d-7fc3-440c-aca8-72afcdb600b8"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["event_timestamp"] == "2024-07-08T22:55:41.434-0600"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["logsource"] == "syslog"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["message"] == "SECURITY[112882]: res_security_log.c:114 in security_event_stasis_cb: SecurityEvent=\"InvalidAccountID\",EventTV=\"2024-07-08T22:55:41.434-0600\",Severity=\"Error\",Service=\"PJSIP\",EventVersion=\"1\",AccountID=\"kiwi\",SessionID=\"a79da57d-7fc3-440c-aca8-72afcdb600b8\",LocalAddress=\"IPV4/TLS/192.168.100.62/5061\",RemoteAddress=\"IPV4/TLS/192.168.100.12/46417\""
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["pid"] == "112836"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["program"] == "asterisk"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["source_ip"] == "192.168.100.12"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["source_port"] == "46417"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["target_ip"] == "192.168.100.62"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["target_port"] == "5061"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["username"] == "kiwi"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["asterisk_service"] == "PJSIP"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["datasource_path"] == "asterisk-logs.log"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["datasource_type"] == "file"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["log_type"] == "asterisk_failed_auth"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["machine"] == "alba"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["service"] == "asterisk"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["session_id"] == "a79da57d-7fc3-440c-aca8-72afcdb600b8"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["source_ip"] == "192.168.100.12"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["target_user"] == "kiwi"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["timestamp"][4:] == "-07-08T22:55:41Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Enriched["MarshaledTime"][4:] == "-07-08T22:55:41Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Whitelisted == false
 len(results["success"][""]) == 0
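Review bot: For the new dateparse-enrich event [4], the enriched `Meta["timestamp"]` is asserted to end in `T22:55:41Z` while the same event's `Parsed["event_timestamp"]` is `2024-07-08T22:55:41.434-0600`; the enricher appears to take the year-less syslog header time (`Jul 08 22:55:41` in the s00-raw hunk) and treat it as UTC, which places the stored time six hours before what the log line itself states. That skew predates this patch, but the year stripping introduced here is needed only because the header time carries no year, so if the asterisk parser (outside this file) fed `event_timestamp` to dateparse instead, both the year and the offset would come from the event and these assertions could return to exact comparisons. I cannot tell from this file whether preferring the header time is deliberate, so this is worth confirming against the parser before changing the expectation.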
diff --git a/.tests/charon-ipsec-bf/scenario.assert b/.tests/charon-ipsec-bf/scenario.assert
index a090625e554..458fe56bf4b 100644
--- a/.tests/charon-ipsec-bf/scenario.assert
+++ b/.tests/charon-ipsec-bf/scenario.assert
@@ -1,4 +1,3 @@
-
 len(results) == 3
 "116.178.2.170" in results[0].Overflow.GetSources()
 results[0].Overflow.Sources["116.178.2.170"].IP == "116.178.2.170"
@@ -111,44 +110,42 @@ results[2].Overflow.Alert.Events[0].GetMeta("log_type") == "charon_ipsec_auth_fa
 results[2].Overflow.Alert.Events[0].GetMeta("machine") == "pfSense"
 results[2].Overflow.Alert.Events[0].GetMeta("service") == "charon_ipsec"
 results[2].Overflow.Alert.Events[0].GetMeta("source_ip") == "116.178.2.170"
-results[2].Overflow.Alert.Events[0].GetMeta("timestamp") == "2024-02-22T20:23:03Z"
+results[2].Overflow.Alert.Events[0].GetMeta("timestamp")[4:] == "-02-22T20:23:03Z"
 results[2].Overflow.Alert.Events[1].GetMeta("datasource_path") == "charon-ipsec-bf.log"
 results[2].Overflow.Alert.Events[1].GetMeta("datasource_type") == "file"
 results[2].Overflow.Alert.Events[1].GetMeta("log_type") == "charon_ipsec_auth_fail"
 results[2].Overflow.Alert.Events[1].GetMeta("machine") == "pfSense"
 results[2].Overflow.Alert.Events[1].GetMeta("service") == "charon_ipsec"
 results[2].Overflow.Alert.Events[1].GetMeta("source_ip") == "116.178.2.170"
-results[2].Overflow.Alert.Events[1].GetMeta("timestamp") == "2024-02-22T20:23:03Z"
+results[2].Overflow.Alert.Events[1].GetMeta("timestamp")[4:] == "-02-22T20:23:03Z"
 results[2].Overflow.Alert.Events[2].GetMeta("datasource_path") == "charon-ipsec-bf.log"
 results[2].Overflow.Alert.Events[2].GetMeta("datasource_type") == "file"
 results[2].Overflow.Alert.Events[2].GetMeta("log_type") == "charon_ipsec_auth_fail"
 results[2].Overflow.Alert.Events[2].GetMeta("machine") == "pfSense"
 results[2].Overflow.Alert.Events[2].GetMeta("service") == "charon_ipsec"
 results[2].Overflow.Alert.Events[2].GetMeta("source_ip") == "116.178.2.170"
-results[2].Overflow.Alert.Events[2].GetMeta("timestamp") == "2024-02-22T20:23:03Z"
+results[2].Overflow.Alert.Events[2].GetMeta("timestamp")[4:] == "-02-22T20:23:03Z"
 results[2].Overflow.Alert.Events[3].GetMeta("datasource_path") == "charon-ipsec-bf.log"
 results[2].Overflow.Alert.Events[3].GetMeta("datasource_type") == "file"
 results[2].Overflow.Alert.Events[3].GetMeta("log_type") == "charon_ipsec_auth_fail"
 results[2].Overflow.Alert.Events[3].GetMeta("machine") == "pfSense"
 results[2].Overflow.Alert.Events[3].GetMeta("service") == "charon_ipsec"
 results[2].Overflow.Alert.Events[3].GetMeta("source_ip") == "116.178.2.170"
-results[2].Overflow.Alert.Events[3].GetMeta("timestamp") == "2024-02-22T20:23:03Z"
+results[2].Overflow.Alert.Events[3].GetMeta("timestamp")[4:] == "-02-22T20:23:03Z"
 results[2].Overflow.Alert.Events[4].GetMeta("datasource_path") == "charon-ipsec-bf.log"
 results[2].Overflow.Alert.Events[4].GetMeta("datasource_type") == "file"
 results[2].Overflow.Alert.Events[4].GetMeta("log_type") == "charon_ipsec_auth_fail"
 results[2].Overflow.Alert.Events[4].GetMeta("machine") == "pfSense"
 results[2].Overflow.Alert.Events[4].GetMeta("service") == "charon_ipsec"
 results[2].Overflow.Alert.Events[4].GetMeta("source_ip") == "116.178.2.170"
-results[2].Overflow.Alert.Events[4].GetMeta("timestamp") == "2024-02-22T20:23:03Z"
+results[2].Overflow.Alert.Events[4].GetMeta("timestamp")[4:] == "-02-22T20:23:03Z"
 results[2].Overflow.Alert.Events[5].GetMeta("datasource_path") == "charon-ipsec-bf.log"
 results[2].Overflow.Alert.Events[5].GetMeta("datasource_type") == "file"
 results[2].Overflow.Alert.Events[5].GetMeta("log_type") == "charon_ipsec_auth_fail"
 results[2].Overflow.Alert.Events[5].GetMeta("machine") == "pfSense"
 results[2].Overflow.Alert.Events[5].GetMeta("service") == "charon_ipsec"
 results[2].Overflow.Alert.Events[5].GetMeta("source_ip") == "116.178.2.170"
-results[2].Overflow.Alert.Events[5].GetMeta("timestamp") == "2024-02-22T20:23:03Z"
+results[2].Overflow.Alert.Events[5].GetMeta("timestamp")[4:] == "-02-22T20:23:03Z"
 results[2].Overflow.Alert.GetScenario() == "darkclip/charon-ipsec-bf"
 results[2].Overflow.Alert.Remediation == true
 results[2].Overflow.Alert.GetEventsCount() == 6
-
-
diff --git a/.tests/charon-ipsec-slow-bf/scenario.assert b/.tests/charon-ipsec-slow-bf/scenario.assert
index 1d48cdec822..7e66bcb8081 100644
--- a/.tests/charon-ipsec-slow-bf/scenario.assert
+++ b/.tests/charon-ipsec-slow-bf/scenario.assert
@@ -1,4 +1,3 @@
-
 len(results) == 2
 "116.178.2.170" in results[0].Overflow.GetSources()
 results[0].Overflow.Sources["116.178.2.170"].IP == "116.178.2.170"
@@ -96,79 +95,77 @@ results[1].Overflow.Alert.Events[0].GetMeta("log_type") == "charon_ipsec_auth_fa
 results[1].Overflow.Alert.Events[0].GetMeta("machine") == "pfSense"
 results[1].Overflow.Alert.Events[0].GetMeta("service") == "charon_ipsec"
 results[1].Overflow.Alert.Events[0].GetMeta("source_ip") == "116.178.2.170"
-results[1].Overflow.Alert.Events[0].GetMeta("timestamp") == "2024-02-22T20:23:03Z"
+results[1].Overflow.Alert.Events[0].GetMeta("timestamp")[4:] == "-02-22T20:23:03Z"
 results[1].Overflow.Alert.Events[1].GetMeta("datasource_path") == "charon-ipsec-slow-bf.log"
 results[1].Overflow.Alert.Events[1].GetMeta("datasource_type") == "file"
 results[1].Overflow.Alert.Events[1].GetMeta("log_type") == "charon_ipsec_auth_fail"
 results[1].Overflow.Alert.Events[1].GetMeta("machine") == "pfSense"
 results[1].Overflow.Alert.Events[1].GetMeta("service") == "charon_ipsec"
 results[1].Overflow.Alert.Events[1].GetMeta("source_ip") == "116.178.2.170"
-results[1].Overflow.Alert.Events[1].GetMeta("timestamp") == "2024-02-22T20:23:03Z"
+results[1].Overflow.Alert.Events[1].GetMeta("timestamp")[4:] == "-02-22T20:23:03Z"
 results[1].Overflow.Alert.Events[2].GetMeta("datasource_path") == "charon-ipsec-slow-bf.log"
 results[1].Overflow.Alert.Events[2].GetMeta("datasource_type") == "file"
 results[1].Overflow.Alert.Events[2].GetMeta("log_type") == "charon_ipsec_auth_fail"
 results[1].Overflow.Alert.Events[2].GetMeta("machine") == "pfSense"
 results[1].Overflow.Alert.Events[2].GetMeta("service") == "charon_ipsec"
 results[1].Overflow.Alert.Events[2].GetMeta("source_ip") == "116.178.2.170"
-results[1].Overflow.Alert.Events[2].GetMeta("timestamp") == "2024-02-22T20:23:03Z"
+results[1].Overflow.Alert.Events[2].GetMeta("timestamp")[4:] == "-02-22T20:23:03Z"
 results[1].Overflow.Alert.Events[3].GetMeta("datasource_path") == "charon-ipsec-slow-bf.log"
 results[1].Overflow.Alert.Events[3].GetMeta("datasource_type") == "file"
 results[1].Overflow.Alert.Events[3].GetMeta("log_type") == 
"charon_ipsec_auth_fail"
 results[1].Overflow.Alert.Events[3].GetMeta("machine") == "pfSense"
 results[1].Overflow.Alert.Events[3].GetMeta("service") == "charon_ipsec"
 results[1].Overflow.Alert.Events[3].GetMeta("source_ip") == "116.178.2.170"
-results[1].Overflow.Alert.Events[3].GetMeta("timestamp") == "2024-02-22T20:23:03Z"
+results[1].Overflow.Alert.Events[3].GetMeta("timestamp")[4:] == "-02-22T20:23:03Z"
 results[1].Overflow.Alert.Events[4].GetMeta("datasource_path") == "charon-ipsec-slow-bf.log"
 results[1].Overflow.Alert.Events[4].GetMeta("datasource_type") == "file"
 results[1].Overflow.Alert.Events[4].GetMeta("log_type") == "charon_ipsec_auth_fail"
 results[1].Overflow.Alert.Events[4].GetMeta("machine") == "pfSense"
 results[1].Overflow.Alert.Events[4].GetMeta("service") == "charon_ipsec"
 results[1].Overflow.Alert.Events[4].GetMeta("source_ip") == "116.178.2.170"
-results[1].Overflow.Alert.Events[4].GetMeta("timestamp") == "2024-02-22T20:23:03Z"
+results[1].Overflow.Alert.Events[4].GetMeta("timestamp")[4:] == "-02-22T20:23:03Z"
 results[1].Overflow.Alert.Events[5].GetMeta("datasource_path") == "charon-ipsec-slow-bf.log"
 results[1].Overflow.Alert.Events[5].GetMeta("datasource_type") == "file"
 results[1].Overflow.Alert.Events[5].GetMeta("log_type") == "charon_ipsec_auth_fail"
 results[1].Overflow.Alert.Events[5].GetMeta("machine") == "pfSense"
 results[1].Overflow.Alert.Events[5].GetMeta("service") == "charon_ipsec"
 results[1].Overflow.Alert.Events[5].GetMeta("source_ip") == "116.178.2.170"
-results[1].Overflow.Alert.Events[5].GetMeta("timestamp") == "2024-02-22T20:23:03Z"
+results[1].Overflow.Alert.Events[5].GetMeta("timestamp")[4:] == "-02-22T20:23:03Z"
 results[1].Overflow.Alert.Events[6].GetMeta("datasource_path") == "charon-ipsec-slow-bf.log"
 results[1].Overflow.Alert.Events[6].GetMeta("datasource_type") == "file"
 results[1].Overflow.Alert.Events[6].GetMeta("log_type") == "charon_ipsec_auth_fail"
 results[1].Overflow.Alert.Events[6].GetMeta("machine") == "pfSense"
 results[1].Overflow.Alert.Events[6].GetMeta("service") == "charon_ipsec"
 results[1].Overflow.Alert.Events[6].GetMeta("source_ip") == "116.178.2.170"
-results[1].Overflow.Alert.Events[6].GetMeta("timestamp") == "2024-02-22T20:23:03Z"
+results[1].Overflow.Alert.Events[6].GetMeta("timestamp")[4:] == "-02-22T20:23:03Z"
 results[1].Overflow.Alert.Events[7].GetMeta("datasource_path") == "charon-ipsec-slow-bf.log"
 results[1].Overflow.Alert.Events[7].GetMeta("datasource_type") == "file"
 results[1].Overflow.Alert.Events[7].GetMeta("log_type") == "charon_ipsec_auth_fail"
 results[1].Overflow.Alert.Events[7].GetMeta("machine") == "pfSense"
 results[1].Overflow.Alert.Events[7].GetMeta("service") == "charon_ipsec"
 results[1].Overflow.Alert.Events[7].GetMeta("source_ip") == "116.178.2.170"
-results[1].Overflow.Alert.Events[7].GetMeta("timestamp") == "2024-02-22T20:23:03Z"
+results[1].Overflow.Alert.Events[7].GetMeta("timestamp")[4:] == "-02-22T20:23:03Z"
 results[1].Overflow.Alert.Events[8].GetMeta("datasource_path") == "charon-ipsec-slow-bf.log"
 results[1].Overflow.Alert.Events[8].GetMeta("datasource_type") == "file"
 results[1].Overflow.Alert.Events[8].GetMeta("log_type") == "charon_ipsec_auth_fail"
 results[1].Overflow.Alert.Events[8].GetMeta("machine") == "pfSense"
 results[1].Overflow.Alert.Events[8].GetMeta("service") == "charon_ipsec"
 results[1].Overflow.Alert.Events[8].GetMeta("source_ip") == "116.178.2.170"
-results[1].Overflow.Alert.Events[8].GetMeta("timestamp") == "2024-02-22T20:23:03Z"
+results[1].Overflow.Alert.Events[8].GetMeta("timestamp")[4:] == "-02-22T20:23:03Z"
 results[1].Overflow.Alert.Events[9].GetMeta("datasource_path") == "charon-ipsec-slow-bf.log"
 results[1].Overflow.Alert.Events[9].GetMeta("datasource_type") == "file"
 results[1].Overflow.Alert.Events[9].GetMeta("log_type") == "charon_ipsec_auth_fail"
 results[1].Overflow.Alert.Events[9].GetMeta("machine") == "pfSense"
 results[1].Overflow.Alert.Events[9].GetMeta("service") == "charon_ipsec"
 results[1].Overflow.Alert.Events[9].GetMeta("source_ip") == "116.178.2.170"
-results[1].Overflow.Alert.Events[9].GetMeta("timestamp") == "2024-02-22T20:23:03Z"
+results[1].Overflow.Alert.Events[9].GetMeta("timestamp")[4:] == "-02-22T20:23:03Z"
 results[1].Overflow.Alert.Events[10].GetMeta("datasource_path") == "charon-ipsec-slow-bf.log"
 results[1].Overflow.Alert.Events[10].GetMeta("datasource_type") == "file"
 results[1].Overflow.Alert.Events[10].GetMeta("log_type") == "charon_ipsec_auth_fail"
 results[1].Overflow.Alert.Events[10].GetMeta("machine") == "pfSense"
 results[1].Overflow.Alert.Events[10].GetMeta("service") == "charon_ipsec"
 results[1].Overflow.Alert.Events[10].GetMeta("source_ip") == "116.178.2.170"
-results[1].Overflow.Alert.Events[10].GetMeta("timestamp") == "2024-02-22T20:23:03Z"
+results[1].Overflow.Alert.Events[10].GetMeta("timestamp")[4:] == "-02-22T20:23:03Z"
 results[1].Overflow.Alert.GetScenario() == "darkclip/charon-ipsec-bf"
 results[1].Overflow.Alert.Remediation == true
 results[1].Overflow.Alert.GetEventsCount() == 11
-
-
diff --git a/.tests/endlessh-logs/parser.assert b/.tests/endlessh-logs/parser.assert
index a3ab70a7260..439fb8d9b2d 100644
--- a/.tests/endlessh-logs/parser.assert
+++ b/.tests/endlessh-logs/parser.assert
@@ -2094,8 +2094,8 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][51].Evt.Meta["datasource
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][51].Evt.Meta["log_type"] == "endlessh_accept"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][51].Evt.Meta["service"] == "endlessh"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][51].Evt.Meta["source_ip"] == "192.168.121.1"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][51].Evt.Meta["timestamp"] == "2024-06-13T10:22:21.684962Z"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][51].Evt.Enriched["MarshaledTime"] == "2024-06-13T10:22:21.684962Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][51].Evt.Meta["timestamp"][4:] == "-06-13T10:22:21.684962Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][51].Evt.Enriched["MarshaledTime"][4:] == "-06-13T10:22:21.684962Z"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][51].Evt.Whitelisted == false
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][52].Success == true
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][52].Evt.Parsed["message"] == "I0613 10:22:26.154722 1 client.go:58] ACCEPT host=192.168.121.1 port=53608 n=2/4096"
@@ -2107,7 +2107,7 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][52].Evt.Meta["datasource
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][52].Evt.Meta["log_type"] == "endlessh_accept"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][52].Evt.Meta["service"] == "endlessh"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][52].Evt.Meta["source_ip"] == "192.168.121.1"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][52].Evt.Meta["timestamp"] == "2024-06-13T10:22:26.154722Z"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][52].Evt.Enriched["MarshaledTime"] == "2024-06-13T10:22:26.154722Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][52].Evt.Meta["timestamp"][4:] == "-06-13T10:22:26.154722Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][52].Evt.Enriched["MarshaledTime"][4:] == "-06-13T10:22:26.154722Z"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][52].Evt.Whitelisted == false
 len(results["success"][""]) == 0
diff --git a/.tests/geoip-enrich/parser.assert b/.tests/geoip-enrich/parser.assert
index bd0c5c25d38..f5de0669f7e 100644
--- a/.tests/geoip-enrich/parser.assert
+++ b/.tests/geoip-enrich/parser.assert
@@ -95,8 +95,8 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["machine"] =
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["service"] == "ssh"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["source_ip"] == "1.2.3.4"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["target_user"] == "pascal"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["timestamp"] == "2024-02-12T14:10:21Z"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Enriched["MarshaledTime"] == "2024-02-12T14:10:21Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["timestamp"][4:] == "-02-12T14:10:21Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Enriched["MarshaledTime"][4:] == "-02-12T14:10:21Z"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Whitelisted == false
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Success == true
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["logsource"] == "syslog"
@@ -113,8 +113,8 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["machine"] =
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["service"] == "ssh"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["source_ip"] == "127.0.0.1"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["target_user"] == "pascal"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["timestamp"] == "2024-02-12T14:10:21Z"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Enriched["MarshaledTime"] == "2024-02-12T14:10:21Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["timestamp"][4:] == "-02-12T14:10:21Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Enriched["MarshaledTime"][4:] == "-02-12T14:10:21Z"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Whitelisted == false
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Success == true
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["logsource"] == "syslog"
@@ -131,8 +131,8 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["machine"] =
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["service"] == "ssh"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["source_ip"] == "192.168.1.1"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["target_user"] == "pascal"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["timestamp"] == "2024-02-12T14:10:21Z"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Enriched["MarshaledTime"] == "2024-02-12T14:10:21Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["timestamp"][4:] == "-02-12T14:10:21Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Enriched["MarshaledTime"][4:] == "-02-12T14:10:21Z"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Whitelisted == false
 len(results["s02-enrich"]["crowdsecurity/geoip-enrich"]) == 3
 results["s02-enrich"]["crowdsecurity/geoip-enrich"][0].Success == true
@@ -155,7 +155,7 @@ results["s02-enrich"]["crowdsecurity/geoip-enrich"][0].Evt.Meta["machine"] == "s
 results["s02-enrich"]["crowdsecurity/geoip-enrich"][0].Evt.Meta["service"] == "ssh"
 results["s02-enrich"]["crowdsecurity/geoip-enrich"][0].Evt.Meta["source_ip"] == "1.2.3.4"
 results["s02-enrich"]["crowdsecurity/geoip-enrich"][0].Evt.Meta["target_user"] == "pascal"
-results["s02-enrich"]["crowdsecurity/geoip-enrich"][0].Evt.Meta["timestamp"] == "2024-02-12T14:10:21Z"
+results["s02-enrich"]["crowdsecurity/geoip-enrich"][0].Evt.Meta["timestamp"][4:] == "-02-12T14:10:21Z"
 results["s02-enrich"]["crowdsecurity/geoip-enrich"][0].Evt.Enriched["ASNNumber"] == "4242"
 results["s02-enrich"]["crowdsecurity/geoip-enrich"][0].Evt.Enriched["ASNOrg"] == "Crowdsec"
 results["s02-enrich"]["crowdsecurity/geoip-enrich"][0].Evt.Enriched["ASNumber"] == "4242"
@@ -163,7 +163,7 @@ results["s02-enrich"]["crowdsecurity/geoip-enrich"][0].Evt.Enriched["IsInEU"] ==
 results["s02-enrich"]["crowdsecurity/geoip-enrich"][0].Evt.Enriched["IsoCode"] == "FR"
 results["s02-enrich"]["crowdsecurity/geoip-enrich"][0].Evt.Enriched["Latitude"] == "46.000000"
 results["s02-enrich"]["crowdsecurity/geoip-enrich"][0].Evt.Enriched["Longitude"] == "2.000000"
-results["s02-enrich"]["crowdsecurity/geoip-enrich"][0].Evt.Enriched["MarshaledTime"] == "2024-02-12T14:10:21Z"
+results["s02-enrich"]["crowdsecurity/geoip-enrich"][0].Evt.Enriched["MarshaledTime"][4:] == "-02-12T14:10:21Z"
 results["s02-enrich"]["crowdsecurity/geoip-enrich"][0].Evt.Enriched["SourceRange"] == "1.2.3.0/24"
 results["s02-enrich"]["crowdsecurity/geoip-enrich"][0].Evt.Whitelisted == false
 results["s02-enrich"]["crowdsecurity/geoip-enrich"][1].Success == false
diff --git a/.tests/pf-logs/parser.assert b/.tests/pf-logs/parser.assert
index 2ca4f80d611..2c6ce206335 100644
--- a/.tests/pf-logs/parser.assert
+++ b/.tests/pf-logs/parser.assert
@@ -601,8 +601,8 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["ruleid"] ==
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["rulenr"] == "53"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["service"] == "tcp"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["source_ip"] == "10.0.2.2"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["timestamp"] == "2024-09-28T10:38:09Z"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Enriched["MarshaledTime"] == "2024-09-28T10:38:09Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["timestamp"][4:] == "-09-28T10:38:09Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Enriched["MarshaledTime"][4:] == "-09-28T10:38:09Z"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Whitelisted == false
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Success == true
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["action"] == "block"
@@ -642,8 +642,8 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["ruleid"] ==
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["rulenr"] == "53"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["service"] == "tcp"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["source_ip"] == "10.0.2.2"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["timestamp"] == "2024-09-28T10:38:24Z"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Enriched["MarshaledTime"] == "2024-09-28T10:38:24Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["timestamp"][4:] == "-09-28T10:38:24Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Enriched["MarshaledTime"][4:] == "-09-28T10:38:24Z"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Whitelisted == false
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Success == true
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["ack_number"] == "29633380"
@@ -683,8 +683,8 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["ruleid"] ==
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["rulenr"] == "6"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["service"] == "tcp"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["source_ip"] == "10.0.2.15"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["timestamp"] == "2024-09-28T10:38:41Z"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Enriched["MarshaledTime"] == "2024-09-28T10:38:41Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["timestamp"][4:] == "-09-28T10:38:41Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Enriched["MarshaledTime"][4:] == "-09-28T10:38:41Z"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Whitelisted == false
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Success == true
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["action"] == "block"
diff --git a/.tests/postfix-logs/parser.assert b/.tests/postfix-logs/parser.assert
index 524841871d6..4a07a3f2b5d 100644
--- a/.tests/postfix-logs/parser.assert
+++ b/.tests/postfix-logs/parser.assert
@@ -157,10 +157,10 @@ results["s01-parse"]["crowdsecurity/postfix-logs"][3].Evt.Meta["reason"] == "Rel
 results["s01-parse"]["crowdsecurity/postfix-logs"][3].Evt.Meta["service"] == "postfix"
 results["s01-parse"]["crowdsecurity/postfix-logs"][3].Evt.Meta["source_hostname"] == "unknown"
 results["s01-parse"]["crowdsecurity/postfix-logs"][3].Evt.Meta["source_ip"] == "192.168.1.1"
+results["s01-parse"]["crowdsecurity/postfix-logs"][3].Evt.Unmarshaled["postfix"]["from"] == ""
 results["s01-parse"]["crowdsecurity/postfix-logs"][3].Evt.Unmarshaled["postfix"]["helo"] == ""
 results["s01-parse"]["crowdsecurity/postfix-logs"][3].Evt.Unmarshaled["postfix"]["proto"] == "ESMTP"
 results["s01-parse"]["crowdsecurity/postfix-logs"][3].Evt.Unmarshaled["postfix"]["to"] == ""
-results["s01-parse"]["crowdsecurity/postfix-logs"][3].Evt.Unmarshaled["postfix"]["from"] == ""
 results["s01-parse"]["crowdsecurity/postfix-logs"][3].Evt.Whitelisted == false
 results["s01-parse"]["crowdsecurity/postfix-logs"][4].Success == true
 results["s01-parse"]["crowdsecurity/postfix-logs"][4].Evt.Parsed["action"] == "reject"
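Review bot: The only change in this hunk is moving the `Unmarshaled["postfix"]["from"]` assertion above `helo`; the same reshuffling of the `from`/`helo`/`proto`/`to` lines appears in the @@ -187, @@ -281, @@ -313 and @@ -343 hunks of this file, and the new order is not sorted consistently across them (alphabetical here, `proto, to, from, helo` at @@ -281), so it looks like churn from the assert generator walking a map in iteration order rather than a deliberate edit. It does not affect the test outcome, but it hides the real timestamp change in this file and will keep producing noisy diffs on every regeneration. If the generator can emit these keys sorted — it already prints the `Meta[...]` keys in alphabetical order in these hunks — that would make future regenerations stable; otherwise the pure reorders could be dropped from this patch.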
@@ -187,10 +187,10 @@ results["s01-parse"]["crowdsecurity/postfix-logs"][4].Evt.Meta["reason"] == "Rel
 results["s01-parse"]["crowdsecurity/postfix-logs"][4].Evt.Meta["service"] == "postfix"
 results["s01-parse"]["crowdsecurity/postfix-logs"][4].Evt.Meta["source_hostname"] == "static.1.1.168.192.client.domain.xyz"
 results["s01-parse"]["crowdsecurity/postfix-logs"][4].Evt.Meta["source_ip"] == "192.168.1.1"
-results["s01-parse"]["crowdsecurity/postfix-logs"][4].Evt.Unmarshaled["postfix"]["to"] == ""
 results["s01-parse"]["crowdsecurity/postfix-logs"][4].Evt.Unmarshaled["postfix"]["from"] == ""
 results["s01-parse"]["crowdsecurity/postfix-logs"][4].Evt.Unmarshaled["postfix"]["helo"] == ""
 results["s01-parse"]["crowdsecurity/postfix-logs"][4].Evt.Unmarshaled["postfix"]["proto"] == "ESMTP"
+results["s01-parse"]["crowdsecurity/postfix-logs"][4].Evt.Unmarshaled["postfix"]["to"] == ""
 results["s01-parse"]["crowdsecurity/postfix-logs"][4].Evt.Whitelisted == false
 results["s01-parse"]["crowdsecurity/postfix-logs"][5].Success == true
 results["s01-parse"]["crowdsecurity/postfix-logs"][5].Evt.Parsed["command"] == "GET / HTTP/1.1"
@@ -226,8 +226,8 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["machine"] =
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["service"] == "postfix"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["source_hostname"] == "unknown"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["source_ip"] == "192.168.1.1"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["timestamp"] == "2024-05-11T04:02:36Z"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Enriched["MarshaledTime"] == "2024-05-11T04:02:36Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["timestamp"][4:] == "-05-11T04:02:36Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Enriched["MarshaledTime"][4:] == "-05-11T04:02:36Z"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Whitelisted == false
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Success == true
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["action"] == "reject"
@@ -251,8 +251,8 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["machine"] =
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["service"] == "postfix"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["source_hostname"] == "unknown"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["source_ip"] == "192.168.1.1"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["timestamp"] == "2024-05-11T04:02:37Z"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Enriched["MarshaledTime"] == "2024-05-11T04:02:37Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["timestamp"][4:] == "-05-11T04:02:37Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Enriched["MarshaledTime"][4:] == "-05-11T04:02:37Z"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Whitelisted == false
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Success == true
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["action"] == "reject"
@@ -281,10 +281,10 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["source_host
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["source_ip"] == "192.168.1.1"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["timestamp"] == "2024-08-26T01:33:38.572449Z"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Enriched["MarshaledTime"] == "2024-08-26T01:33:38.572449Z"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["postfix"]["from"] == ""
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["postfix"]["helo"] == ""
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["postfix"]["proto"] == "ESMTP"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["postfix"]["to"] == ""
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["postfix"]["from"] == ""
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["postfix"]["helo"] == ""
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Whitelisted == false
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Success == true
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["action"] == "reject"
@@ -313,10 +313,10 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["source_host
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["source_ip"] == "192.168.1.1"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["timestamp"] == "2024-08-25T12:31:56.154748Z"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Enriched["MarshaledTime"] == "2024-08-25T12:31:56.154748Z"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["postfix"]["helo"] == ""
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["postfix"]["proto"] == "ESMTP"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["postfix"]["to"] == ""
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["postfix"]["from"] == ""
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["postfix"]["helo"] == ""
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["postfix"]["proto"] == "ESMTP"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Whitelisted == false
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Success == true
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["action"] == "reject"
@@ -343,12 +343,12 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["reason"] ==
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["service"] == "postfix"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["source_hostname"] == "static.1.1.168.192.client.domain.xyz"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["source_ip"] == "192.168.1.1"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["timestamp"] == "2024-06-04T22:24:28Z"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Enriched["MarshaledTime"] == "2024-06-04T22:24:28Z"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["postfix"]["from"] == ""
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["postfix"]["helo"] == ""
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["timestamp"][4:] == "-06-04T22:24:28Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Enriched["MarshaledTime"][4:] == "-06-04T22:24:28Z"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["postfix"]["proto"] == "ESMTP"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["postfix"]["to"] == ""
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["postfix"]["from"] == ""
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["postfix"]["helo"] == ""
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Whitelisted == false
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Success == true
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["command"] == "GET / HTTP/1.1"
diff --git a/.tests/postscreen-logs/parser.assert b/.tests/postscreen-logs/parser.assert
index b12001bfe59..1f71f1865d8 100644
--- a/.tests/postscreen-logs/parser.assert
+++ b/.tests/postscreen-logs/parser.assert
@@ -78,8 +78,8 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["machine"] =
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["pregreet"] == "PREGREET"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["service"] == "postscreen"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["source_ip"] == "177.154.236.182"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["timestamp"] == "2024-10-25T04:24:59Z"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Enriched["MarshaledTime"] == "2024-10-25T04:24:59Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["timestamp"][4:] == "-10-25T04:24:59Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Enriched["MarshaledTime"][4:] == "-10-25T04:24:59Z"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Whitelisted == false
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Success == true
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["count"] == "47"
@@ -99,7 +99,7 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["machine"] =
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["pregreet"] == "PREGREET"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["service"] == "postscreen"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["source_ip"] == "172.16.1.1"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["timestamp"] == "2024-07-12T15:59:44Z"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Enriched["MarshaledTime"] == "2024-07-12T15:59:44Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["timestamp"][4:] == "-07-12T15:59:44Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Enriched["MarshaledTime"][4:] == "-07-12T15:59:44Z"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Whitelisted == false
 len(results["success"][""]) == 0
diff --git a/.tests/pterodactyl-wings-bf/scenario.assert b/.tests/pterodactyl-wings-bf/scenario.assert
index 39399585a31..32b354f567a 100644
--- a/.tests/pterodactyl-wings-bf/scenario.assert
+++ b/.tests/pterodactyl-wings-bf/scenario.assert
@@ -10,42 +10,42 @@ results[0].Overflow.Alert.Events[0].GetMeta("log_type") == "pterodactly_wings_in
 results[0].Overflow.Alert.Events[0].GetMeta("service") == "pterodactyl"
 results[0].Overflow.Alert.Events[0].GetMeta("source_ip") == "10.56.3.156"
 results[0].Overflow.Alert.Events[0].GetMeta("target_user") == "administrator"
-results[0].Overflow.Alert.Events[0].GetMeta("timestamp") == "2024-07-02T05:33:46Z"
+results[0].Overflow.Alert.Events[0].GetMeta("timestamp")[4:] == "-07-02T05:33:46Z"
 results[0].Overflow.Alert.Events[1].GetMeta("datasource_path") == "pterodactyl-wings-bf.log"
 results[0].Overflow.Alert.Events[1].GetMeta("datasource_type") == "file"
 results[0].Overflow.Alert.Events[1].GetMeta("log_type") == "pterodactly_wings_invalid_format"
 results[0].Overflow.Alert.Events[1].GetMeta("service") == "pterodactyl"
 results[0].Overflow.Alert.Events[1].GetMeta("source_ip") == "10.56.3.156"
 results[0].Overflow.Alert.Events[1].GetMeta("target_user") == "admin"
-results[0].Overflow.Alert.Events[1].GetMeta("timestamp") == "2024-07-02T05:05:24Z"
+results[0].Overflow.Alert.Events[1].GetMeta("timestamp")[4:] == "-07-02T05:05:24Z"
 results[0].Overflow.Alert.Events[2].GetMeta("datasource_path") == "pterodactyl-wings-bf.log"
 results[0].Overflow.Alert.Events[2].GetMeta("datasource_type") == "file"
 results[0].Overflow.Alert.Events[2].GetMeta("log_type") == "pterodactly_wings_invalid_format"
 results[0].Overflow.Alert.Events[2].GetMeta("service") == "pterodactyl"
 results[0].Overflow.Alert.Events[2].GetMeta("source_ip") == "10.56.3.156"
 results[0].Overflow.Alert.Events[2].GetMeta("target_user") == "admin"
-results[0].Overflow.Alert.Events[2].GetMeta("timestamp") == "2024-07-02T05:05:24Z"
+results[0].Overflow.Alert.Events[2].GetMeta("timestamp")[4:] == "-07-02T05:05:24Z"
 results[0].Overflow.Alert.Events[3].GetMeta("datasource_path") == "pterodactyl-wings-bf.log"
 results[0].Overflow.Alert.Events[3].GetMeta("datasource_type") == "file"
 results[0].Overflow.Alert.Events[3].GetMeta("log_type") == "pterodactly_wings_invalid_format"
 results[0].Overflow.Alert.Events[3].GetMeta("service") == "pterodactyl"
 results[0].Overflow.Alert.Events[3].GetMeta("source_ip") == "10.56.3.156"
 results[0].Overflow.Alert.Events[3].GetMeta("target_user") == "administrator"
-results[0].Overflow.Alert.Events[3].GetMeta("timestamp") == "2024-07-02T05:33:46Z"
+results[0].Overflow.Alert.Events[3].GetMeta("timestamp")[4:] == "-07-02T05:33:46Z"
 results[0].Overflow.Alert.Events[4].GetMeta("datasource_path") == "pterodactyl-wings-bf.log"
 results[0].Overflow.Alert.Events[4].GetMeta("datasource_type") == "file"
 results[0].Overflow.Alert.Events[4].GetMeta("log_type") == "pterodactly_wings_invalid_format"
 results[0].Overflow.Alert.Events[4].GetMeta("service") == "pterodactyl"
 results[0].Overflow.Alert.Events[4].GetMeta("source_ip") == "10.56.3.156"
 results[0].Overflow.Alert.Events[4].GetMeta("target_user") == "administrator"
-results[0].Overflow.Alert.Events[4].GetMeta("timestamp") == "2024-07-02T05:33:46Z"
+results[0].Overflow.Alert.Events[4].GetMeta("timestamp")[4:] == "-07-02T05:33:46Z"
 results[0].Overflow.Alert.Events[5].GetMeta("datasource_path") == "pterodactyl-wings-bf.log"
 results[0].Overflow.Alert.Events[5].GetMeta("datasource_type") == "file"
 results[0].Overflow.Alert.Events[5].GetMeta("log_type") == "pterodactly_wings_invalid_format"
 results[0].Overflow.Alert.Events[5].GetMeta("service") == "pterodactyl"
 results[0].Overflow.Alert.Events[5].GetMeta("source_ip") == "10.56.3.156"
 results[0].Overflow.Alert.Events[5].GetMeta("target_user") == "admin"
-results[0].Overflow.Alert.Events[5].GetMeta("timestamp") == "2024-07-02T05:05:24Z"
+results[0].Overflow.Alert.Events[5].GetMeta("timestamp")[4:] == "-07-02T05:05:24Z"
 results[0].Overflow.Alert.GetScenario() == "lourys/pterodactyl-wings-bf"
 results[0].Overflow.Alert.Remediation == true
 results[0].Overflow.Alert.GetEventsCount() == 9
diff --git a/.tests/pterodactyl-wings/parser.assert b/.tests/pterodactyl-wings/parser.assert
index 12ef54f592a..9ada060c441 100644
--- a/.tests/pterodactyl-wings/parser.assert
+++ b/.tests/pterodactyl-wings/parser.assert
@@ -352,8 +352,8 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["log_type"]
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["service"] == "pterodactyl"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["source_ip"] == "10.56.3.156"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["target_user"] == "admin"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["timestamp"] == "2024-07-02T05:05:24Z"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Enriched["MarshaledTime"] == "2024-07-02T05:05:24Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["timestamp"][4:] == "-07-02T05:05:24Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Enriched["MarshaledTime"][4:] == "-07-02T05:05:24Z"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Whitelisted == false
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Success == true
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["message"] == "WARN: [Jul 2 05:14:17.037] failed to validate user credentials (invalid username or password) ip=10.23.89.10:30122 subsystem=sftp username=test.3f22e5c8"
@@ -368,8 +368,8 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["log_type"]
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["service"] == "pterodactyl"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["source_ip"] == "10.23.89.10"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["target_user"] == "test.3f22e5c8"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["timestamp"] == "2024-07-02T05:14:17Z"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Enriched["MarshaledTime"] == "2024-07-02T05:14:17Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["timestamp"][4:] == "-07-02T05:14:17Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Enriched["MarshaledTime"][4:] == "-07-02T05:14:17Z"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Whitelisted == false
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Success == true
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["message"] == "WARN: [Jul 2 05:33:46.809] failed to validate user credentials (invalid format) ip=10.56.3.156:43244 subsystem=sftp username=administrator"
@@ -384,8 +384,8 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["log_type"]
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["service"] == "pterodactyl"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["source_ip"] == "10.56.3.156"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["target_user"] == "administrator"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["timestamp"] == "2024-07-02T05:33:46Z"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Enriched["MarshaledTime"] == "2024-07-02T05:33:46Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["timestamp"][4:] == "-07-02T05:33:46Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Enriched["MarshaledTime"][4:] == "-07-02T05:33:46Z"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Whitelisted == false
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Success == true
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["message"] == "WARN: [Jul 2 05:05:24.643] failed to validate user credentials (invalid format) ip=10.56.3.156:28050 subsystem=sftp username=admin"
@@ -400,8 +400,8 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["log_type"]
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["service"] == "pterodactyl"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["source_ip"] == "10.56.3.156"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["target_user"] == "admin"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["timestamp"] == "2024-07-02T05:05:24Z"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Enriched["MarshaledTime"] == "2024-07-02T05:05:24Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["timestamp"][4:] == "-07-02T05:05:24Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Enriched["MarshaledTime"][4:] == "-07-02T05:05:24Z"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Whitelisted == false
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Success == true
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["message"] == "WARN: [Jul 2 05:14:17.037] failed to validate user credentials (invalid username or password) ip=10.23.89.10:30122 subsystem=sftp username=test.3f22e5c8"
@@ -416,8 +416,8 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["log_type"]
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["service"] == "pterodactyl"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["source_ip"] == "10.23.89.10"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["target_user"] == "test.3f22e5c8"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["timestamp"] == "2024-07-02T05:14:17Z"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Enriched["MarshaledTime"] == "2024-07-02T05:14:17Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["timestamp"][4:] == "-07-02T05:14:17Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Enriched["MarshaledTime"][4:] == "-07-02T05:14:17Z"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Whitelisted == false
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Success == true
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["message"] == " WARN: [Jul 2 05:33:46.809] failed to validate user credentials (invalid format) ip=10.56.3.156:43244 subsystem=sftp username=administrator"
@@ -432,8 +432,8 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["log_type"]
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["service"] == "pterodactyl"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["source_ip"] == "10.56.3.156"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["target_user"] == "administrator"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["timestamp"] == "2024-07-02T05:33:46Z"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Enriched["MarshaledTime"] == "2024-07-02T05:33:46Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["timestamp"][4:] == "-07-02T05:33:46Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Enriched["MarshaledTime"][4:] == "-07-02T05:33:46Z"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Whitelisted == false
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Success == true
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["message"] == " WARN: [Jul 2 05:05:24.643] failed to validate user credentials (invalid format) ip=10.56.3.156:28050 subsystem=sftp username=admin"
@@ -448,8 +448,8 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["log_type"]
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["service"] == "pterodactyl"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["source_ip"] == "10.56.3.156"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["target_user"] == "admin"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["timestamp"] == "2024-07-02T05:05:24Z"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Enriched["MarshaledTime"] == "2024-07-02T05:05:24Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["timestamp"][4:] == "-07-02T05:05:24Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Enriched["MarshaledTime"][4:] == "-07-02T05:05:24Z"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Whitelisted == false
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Success == true
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Parsed["message"] == "WARN: [Jul 2 05:14:17.037] failed to validate user credentials (invalid username or password) ip=10.23.89.10:30122 subsystem=sftp username=test.3f22e5c8"
@@ -464,8 +464,8 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Meta["log_type"]
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Meta["service"] == "pterodactyl"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Meta["source_ip"] == "10.23.89.10"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Meta["target_user"] == "test.3f22e5c8"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Meta["timestamp"] == "2024-07-02T05:14:17Z"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Enriched["MarshaledTime"] == "2024-07-02T05:14:17Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Meta["timestamp"][4:] == "-07-02T05:14:17Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Enriched["MarshaledTime"][4:] == "-07-02T05:14:17Z"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Whitelisted == false
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Success == true
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Parsed["message"] == "WARN: [Jul 2 05:33:46.809] failed to validate user credentials (invalid format) ip=10.56.3.156:43244 subsystem=sftp username=administrator"
@@ -480,8 +480,8 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Meta["log_type"]
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Meta["service"] == "pterodactyl"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Meta["source_ip"] == "10.56.3.156"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Meta["target_user"] == "administrator"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Meta["timestamp"] == "2024-07-02T05:33:46Z"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Enriched["MarshaledTime"] == "2024-07-02T05:33:46Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Meta["timestamp"][4:] == "-07-02T05:33:46Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Enriched["MarshaledTime"][4:] == "-07-02T05:33:46Z"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Whitelisted == false
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Success == true
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Parsed["message"] == " WARN: [Jul 2 05:05:24.643] failed to validate user credentials (invalid format) ip=10.56.3.156:28050 subsystem=sftp username=admin"
@@ -496,8 +496,8 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Meta["log_type"]
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Meta["service"] == "pterodactyl"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Meta["source_ip"] == "10.56.3.156"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Meta["target_user"] == "admin"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Meta["timestamp"] == "2024-07-02T05:05:24Z"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Enriched["MarshaledTime"] == "2024-07-02T05:05:24Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Meta["timestamp"][4:] == "-07-02T05:05:24Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Enriched["MarshaledTime"][4:] == "-07-02T05:05:24Z"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Whitelisted == false
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Success == true
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Parsed["message"] == " WARN: [Jul 2 05:14:17.037] failed to validate user credentials (invalid username or password) ip=10.23.89.10:30122 subsystem=sftp username=test.3f22e5c8"
@@ -512,8 +512,8 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Meta["log_type"]
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Meta["service"] == "pterodactyl"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Meta["source_ip"] == "10.23.89.10"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Meta["target_user"] == "test.3f22e5c8"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Meta["timestamp"] == "2024-07-02T05:14:17Z"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Enriched["MarshaledTime"] == "2024-07-02T05:14:17Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Meta["timestamp"][4:] == "-07-02T05:14:17Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Enriched["MarshaledTime"][4:] == "-07-02T05:14:17Z"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Whitelisted == false
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Success == true
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Parsed["message"] == "WARN: [Jul 2 05:33:46.809] failed to validate user credentials (invalid format) ip=10.56.3.156:43244 subsystem=sftp username=administrator"
@@ -528,8 +528,8 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Meta["log_type"]
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Meta["service"] == "pterodactyl"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Meta["source_ip"] == "10.56.3.156"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Meta["target_user"] == "administrator"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Meta["timestamp"] == "2024-07-02T05:33:46Z"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Enriched["MarshaledTime"] == "2024-07-02T05:33:46Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Meta["timestamp"][4:] == "-07-02T05:33:46Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Enriched["MarshaledTime"][4:] == "-07-02T05:33:46Z"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Whitelisted == false
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Success == true
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Parsed["message"] == "WARN: [Jul 2 05:05:24.643] failed to validate user credentials (invalid format) ip=10.56.3.156:28050 subsystem=sftp username=admin"
@@ -544,8 +544,8 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Meta["log_type"]
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Meta["service"] == "pterodactyl"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Meta["source_ip"] == "10.56.3.156"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Meta["target_user"] == "admin"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Meta["timestamp"] == "2024-07-02T05:05:24Z"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Enriched["MarshaledTime"] == "2024-07-02T05:05:24Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Meta["timestamp"][4:] == "-07-02T05:05:24Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Enriched["MarshaledTime"][4:] == "-07-02T05:05:24Z"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Whitelisted == false
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Success == true
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Parsed["message"] == "WARN: [Jul 2 05:14:17.037] failed to validate user credentials (invalid username or password) ip=10.23.89.10:30122 subsystem=sftp username=test.3f22e5c8"
@@ -560,8 +560,8 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Meta["log_type"]
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Meta["service"] == "pterodactyl"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Meta["source_ip"] == "10.23.89.10"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Meta["target_user"] == "test.3f22e5c8"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Meta["timestamp"] == "2024-07-02T05:14:17Z"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Enriched["MarshaledTime"] == "2024-07-02T05:14:17Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Meta["timestamp"][4:] == "-07-02T05:14:17Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Enriched["MarshaledTime"][4:] == "-07-02T05:14:17Z"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Whitelisted == false
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Success == true
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Parsed["message"] == " WARN: [Jul 2 05:33:46.809] failed to validate user credentials (invalid format) ip=10.56.3.156:43244 subsystem=sftp username=administrator"
@@ -576,8 +576,8 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Meta["log_type"]
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Meta["service"] == "pterodactyl"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Meta["source_ip"] == "10.56.3.156"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Meta["target_user"] == "administrator"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Meta["timestamp"] == "2024-07-02T05:33:46Z"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Enriched["MarshaledTime"] == "2024-07-02T05:33:46Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Meta["timestamp"][4:] == "-07-02T05:33:46Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Enriched["MarshaledTime"][4:] == "-07-02T05:33:46Z"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Whitelisted == false
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Success == true
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Parsed["message"] == "WARN: [Aug 22 08:32:21.074] failed to validate user credentials (invalid username or password) ip=10.87.200.23:52205 method=password subsystem=sftp username=rop0glbf.1f6a0e72"
@@ -592,7 +592,7 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Meta["log_type"]
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Meta["service"] == "pterodactyl"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Meta["source_ip"] == "10.87.200.23"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Meta["target_user"] == "rop0glbf.1f6a0e72"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Meta["timestamp"] == "2024-08-22T08:32:21Z"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Enriched["MarshaledTime"] == "2024-08-22T08:32:21Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Meta["timestamp"][4:] == "-08-22T08:32:21Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Enriched["MarshaledTime"][4:] == "-08-22T08:32:21Z"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Whitelisted == false
 len(results["success"][""]) == 0
diff --git a/.tests/ssh-timeout/scenario.assert b/.tests/ssh-timeout/scenario.assert
index a744e18fed4..f1fb2029dd1 100644
--- a/.tests/ssh-timeout/scenario.assert
+++ b/.tests/ssh-timeout/scenario.assert
@@ -10,28 +10,28 @@ results[0].Overflow.Alert.Events[0].GetMeta("log_type") == "ssh_dispatch_fatal"
 results[0].Overflow.Alert.Events[0].GetMeta("machine") == "instance-20240401-2335"
 results[0].Overflow.Alert.Events[0].GetMeta("service") == "ssh"
 results[0].Overflow.Alert.Events[0].GetMeta("source_ip") == "192.168.9.213"
-results[0].Overflow.Alert.Events[0].GetMeta("timestamp") == "2024-07-02T11:32:16Z"
+results[0].Overflow.Alert.Events[0].GetMeta("timestamp")[4:] == "-07-02T11:32:16Z"
 results[0].Overflow.Alert.Events[1].GetMeta("datasource_path") == "ssh-timeout.log"
 results[0].Overflow.Alert.Events[1].GetMeta("datasource_type") == "file"
 results[0].Overflow.Alert.Events[1].GetMeta("log_type") == "ssh_dispatch_fatal"
 results[0].Overflow.Alert.Events[1].GetMeta("machine") == "instance-20240401-2335"
 results[0].Overflow.Alert.Events[1].GetMeta("service") == "ssh"
 results[0].Overflow.Alert.Events[1].GetMeta("source_ip") == "192.168.9.213"
-results[0].Overflow.Alert.Events[1].GetMeta("timestamp") == "2024-07-02T11:32:16Z"
+results[0].Overflow.Alert.Events[1].GetMeta("timestamp")[4:] == "-07-02T11:32:16Z"
 results[0].Overflow.Alert.Events[2].GetMeta("datasource_path") == "ssh-timeout.log"
 results[0].Overflow.Alert.Events[2].GetMeta("datasource_type") == "file"
 results[0].Overflow.Alert.Events[2].GetMeta("log_type") == "ssh_dispatch_fatal"
 results[0].Overflow.Alert.Events[2].GetMeta("machine") == "instance-20240401-2335"
 results[0].Overflow.Alert.Events[2].GetMeta("service") == "ssh"
 results[0].Overflow.Alert.Events[2].GetMeta("source_ip") == "192.168.9.213"
-results[0].Overflow.Alert.Events[2].GetMeta("timestamp") == "2024-07-02T11:32:16Z"
+results[0].Overflow.Alert.Events[2].GetMeta("timestamp")[4:] == "-07-02T11:32:16Z"
 results[0].Overflow.Alert.Events[3].GetMeta("datasource_path") == "ssh-timeout.log"
 results[0].Overflow.Alert.Events[3].GetMeta("datasource_type") == "file"
 results[0].Overflow.Alert.Events[3].GetMeta("log_type") == "ssh_dispatch_fatal"
 results[0].Overflow.Alert.Events[3].GetMeta("machine") == "instance-20240401-2335"
 results[0].Overflow.Alert.Events[3].GetMeta("service") == "ssh"
 results[0].Overflow.Alert.Events[3].GetMeta("source_ip") == "192.168.9.213"
-results[0].Overflow.Alert.Events[3].GetMeta("timestamp") == "2024-07-02T11:32:16Z"
+results[0].Overflow.Alert.Events[3].GetMeta("timestamp")[4:] == "-07-02T11:32:16Z"
 results[0].Overflow.Alert.GetScenario() == "crowdsecurity/ssh-cve-2024-6387"
 results[0].Overflow.Alert.Remediation == true
 results[0].Overflow.Alert.GetEventsCount() == 4
@@ -46,28 +46,28 @@ results[1].Overflow.Alert.Events[0].GetMeta("log_type") == "ssh_auth_timeout"
 results[1].Overflow.Alert.Events[0].GetMeta("machine") == "usbkey"
 results[1].Overflow.Alert.Events[0].GetMeta("service") == "ssh"
 results[1].Overflow.Alert.Events[0].GetMeta("source_ip") == "192.168.9.212"
-results[1].Overflow.Alert.Events[0].GetMeta("timestamp") == "2024-07-01T09:30:56Z"
+results[1].Overflow.Alert.Events[0].GetMeta("timestamp")[4:] == "-07-01T09:30:56Z"
 results[1].Overflow.Alert.Events[1].GetMeta("datasource_path") == "ssh-timeout.log"
 results[1].Overflow.Alert.Events[1].GetMeta("datasource_type") == "file"
 results[1].Overflow.Alert.Events[1].GetMeta("log_type") == "ssh_auth_timeout"
 results[1].Overflow.Alert.Events[1].GetMeta("machine") == "usbkey"
 results[1].Overflow.Alert.Events[1].GetMeta("service") == "ssh"
 results[1].Overflow.Alert.Events[1].GetMeta("source_ip") == "192.168.9.212"
-results[1].Overflow.Alert.Events[1].GetMeta("timestamp") == "2024-07-01T09:31:26Z"
+results[1].Overflow.Alert.Events[1].GetMeta("timestamp")[4:] == "-07-01T09:31:26Z"
 results[1].Overflow.Alert.Events[2].GetMeta("datasource_path") == "ssh-timeout.log"
 results[1].Overflow.Alert.Events[2].GetMeta("datasource_type") == "file"
 results[1].Overflow.Alert.Events[2].GetMeta("log_type") == "ssh_auth_timeout"
 results[1].Overflow.Alert.Events[2].GetMeta("machine") == "usbkey"
 results[1].Overflow.Alert.Events[2].GetMeta("service") == "ssh"
 results[1].Overflow.Alert.Events[2].GetMeta("source_ip") == "192.168.9.212"
-results[1].Overflow.Alert.Events[2].GetMeta("timestamp") == "2024-07-01T09:31:56Z"
+results[1].Overflow.Alert.Events[2].GetMeta("timestamp")[4:] == "-07-01T09:31:56Z"
 results[1].Overflow.Alert.Events[3].GetMeta("datasource_path") == "ssh-timeout.log"
 results[1].Overflow.Alert.Events[3].GetMeta("datasource_type") == "file"
 results[1].Overflow.Alert.Events[3].GetMeta("log_type") == "ssh_auth_timeout"
 results[1].Overflow.Alert.Events[3].GetMeta("machine") == "usbkey"
 results[1].Overflow.Alert.Events[3].GetMeta("service") == "ssh"
 results[1].Overflow.Alert.Events[3].GetMeta("source_ip") == "192.168.9.212"
-results[1].Overflow.Alert.Events[3].GetMeta("timestamp") == "2024-07-01T09:32:26Z"
+results[1].Overflow.Alert.Events[3].GetMeta("timestamp")[4:] == "-07-01T09:32:26Z"
 results[1].Overflow.Alert.GetScenario() == "crowdsecurity/ssh-cve-2024-6387"
 results[1].Overflow.Alert.Remediation == true
 results[1].Overflow.Alert.GetEventsCount() == 4