CB Protection: Why Are There Two Timestamp Fields for Events in the Database?

Environment

  • CB Protection Server: 7.x and Higher
  • Microsoft SQL Server: All Supported Versions

Question

Why are there two timestamp fields for events in the database?

Answer

  • When querying the DAS database for event information, there are two timestamp fields for each event:
    • Timestamp
    • ReceivedTimestamp
  • The Timestamp field refers to the date/time the agent saw the event occur on the endpoint.
  • The ReceivedTimestamp field refers to the date/time the server/database received that information.

Additional Notes

  • When querying the DAS database, we recommend using the "bit9_public.Ex*" views.
  • The time difference between the two fields can vary depending on agent and server backlog.
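
To see how far the two fields drift apart in practice, the following T-SQL buckets the last 24 hours of received events by hour and reports the lag between Timestamp and ReceivedTimestamp. This is an added example, not a query from the vendor; the view name bit9_public.ExEvents and the 15-minute threshold are assumptions, and the column names are taken as written in this article.

```sql
-- Added example (not vendor-supplied).
-- Assumptions: the events view is bit9_public.ExEvents, and it exposes the
-- columns [Timestamp] and ReceivedTimestamp as named in this article.
USE das;

-- Anchor the window on the newest received row so the query does not
-- depend on the time zone in which the server stores its timestamps.
DECLARE @Latest DATETIME =
    (SELECT MAX(ReceivedTimestamp) FROM bit9_public.ExEvents);

SELECT
    -- Truncate ReceivedTimestamp to the hour to form the bucket.
    DATEADD(hour, DATEDIFF(hour, 0, ReceivedTimestamp), 0) AS ReceivedHour,
    COUNT(*) AS Events,
    -- Lag = time the server received the event minus time the agent saw it.
    AVG(CAST(DATEDIFF(second, [Timestamp], ReceivedTimestamp) AS BIGINT))
        AS AvgLagSeconds,
    MAX(DATEDIFF(second, [Timestamp], ReceivedTimestamp)) AS MaxLagSeconds,
    -- Count events that arrived more than 15 minutes after they occurred
    -- (threshold chosen for illustration only).
    SUM(CASE
            WHEN DATEDIFF(second, [Timestamp], ReceivedTimestamp) > 900
            THEN 1 ELSE 0
        END) AS EventsOver15Min
FROM bit9_public.ExEvents
WHERE ReceivedTimestamp >= DATEADD(hour, -24, @Latest)
GROUP BY DATEADD(hour, DATEDIFF(hour, 0, ReceivedTimestamp), 0)
ORDER BY ReceivedHour;
```

Hours with a high MaxLagSeconds or EventsOver15Min indicate backlog: when building an endpoint timeline, order by Timestamp, and when pulling events incrementally into another system, filter on ReceivedTimestamp so late-arriving events are not skipped.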

Creation Date: 03-07-2019