logo

Knowledge Base

Access official resources from Carbon Black experts

Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

CB Protection: Why Are There Two Timestamp Fields for Events in the Database?

CB Protection: Why Are There Two Timestamp Fields for Events in the Database?

Environment

  • CB Protection Server: 7.x and Higher
  • Microsoft SQL Server: All Supported Versions

Question

Why Are There Two Timestamp Fields for Events in the Database?

Answer

  • When querying the DAS database for event information, there are two timestamp fields for each event:
    • Timestamp
    • ReceivedTimestamp
  • The Timestamp field refers to the date/time the agent saw the event occur on the endpoint.
  • The ReceivedTimestamp field refers to the date/time the server/database received that information.

Additional Notes

  • When querying the das database, we recommend using the "bit9_public.Ex*" views.
  • Time difference between the two fields can vary depending on agent and server backlog.

Related Content


Labels (1)
Labels:
Tags (2)
Was this article helpful? Yes No
No ratings
Article Information
Author:
CB_Support
Creation Date:
‎03-07-2019
Views:
248
Contributors
logo