I'm trying to get a first_seen_time for MAC address assets in a rule, but finding that a majority of the derived_context asset entities have entity.asset.first_seen_time set as 1 second after epoch. Motivation being to create a rule similar to the on...