Environment
- CB ThreatHunter Web Console: All Versions
- CB PSC Sensor: 3.4.x.x and higher
- Microsoft Windows: All Supported Versions
Objective
Filter events on the Process Analysis page using the event_timestamp search field
Resolution
- Navigate to the Investigate page
- Select the desired process name hyperlink or select the Process Analysis icon
- Within the Process Analysis page scroll down to the search bar
- Enter the event_timestamp search field in the search bar utilizing the following syntax
- event_timestamp:[YYYY-MM-DDTHH:MM:SS TO YYYY-MM-DDTHH:MM:SS]
Additional Notes
- Specifying a timezone for the event_timestamp search field is currently not possible
- Times that are entered in the event_timestamp search field will need to account for the UTC timezone. For example:
- A user based in the EDT timezone filtering for events that happened at 6:00 a.m. will need to enter 10:00 a.m. for the time range in the above event_timestamp syntax example
