CB Protection: Why Are There Two Timestamp Fields for Events in the Database?

Environment

  • CB Protection Server: 7.x and Higher
  • Microsoft SQL Server: All Supported Versions

Question

Why Are There Two Timestamp Fields for Events in the Database?

Answer

  • When querying the DAS database for event information, there are two timestamp fields for each event:
    • Timestamp
    • ReceivedTimestamp
  • The Timestamp field refers to the date/time the agent saw the event occur on the endpoint.
  • The ReceivedTimestamp field refers to the date/time the server/database received that information.

Additional Notes

  • When querying the DAS database, we recommend using the "bit9_public.Ex*" views.
  • The time difference between the two fields can vary depending on agent and server backlog.
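
The query below is an added example, not part of the original article or of the product's own code. It buckets events received in the last 24 hours by the gap between the two fields, so that backlog becomes visible before ReceivedTimestamp is used to order a timeline. Assumptions: the view name bit9_public.ExEvents (one view matching the "bit9_public.Ex*" pattern), the column names exactly as the article spells them, and UTC storage of both columns.

```sql
-- Added example (T-SQL). Assumed names: view bit9_public.ExEvents; columns
-- [Timestamp] and ReceivedTimestamp as spelled in the article. Confirm both
-- against the view definition in your DAS database before relying on this.

-- Assumption: both columns are stored in UTC. Use GETDATE() instead if your
-- deployment stores local time.
DECLARE @window_start datetime = DATEADD(HOUR, -24, GETUTCDATE());

WITH lagged AS (
    SELECT
        [Timestamp]       AS AgentTime,      -- when the agent saw the event
        ReceivedTimestamp AS ServerTime,     -- when the server recorded it
        DATEDIFF(MINUTE, [Timestamp], ReceivedTimestamp) AS LagMinutes
    FROM bit9_public.ExEvents
    WHERE ReceivedTimestamp >= @window_start
),
bucketed AS (
    SELECT
        AgentTime,
        ServerTime,
        LagMinutes,
        CASE
            -- ServerTime earlier than AgentTime: the endpoint clock is ahead
            -- of the server clock, so AgentTime needs care in a timeline.
            WHEN LagMinutes < 0     THEN '0: negative (endpoint clock ahead)'
            WHEN LagMinutes < 5     THEN '1: under 5 minutes'
            WHEN LagMinutes < 60    THEN '2: 5 to 59 minutes'
            WHEN LagMinutes < 1440  THEN '3: 1 to 24 hours'
            ELSE                         '4: over 24 hours'
        END AS LagBucket
    FROM lagged
)
SELECT
    LagBucket,
    COUNT(*)        AS EventCount,
    MIN(AgentTime)  AS EarliestAgentTime,    -- oldest endpoint-side time in bucket
    MAX(ServerTime) AS LatestServerTime,
    MAX(LagMinutes) AS MaxLagMinutes
FROM bucketed
GROUP BY LagBucket
ORDER BY LagBucket;
```

Rows in the later buckets are events whose ReceivedTimestamp is well after the time they occurred on the endpoint, so filtering or ordering by ReceivedTimestamp alone would misplace them.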

Creation Date: 03-07-2019