Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Carbon Black Cloud: How is the Event Time in the CBC Console Determined?

Carbon Black Cloud: How is the Event Time in the CBC Console Determined?

Environment

  • Carbon Black Cloud Console: All Versions
  • Carbon Black Cloud Sensor: All Versions

Question

  • The dashboard displays the Event Timeline based on the local timezone of the web browser, and not the timezone used by the endpoint/device where the sensor is installed

Answer

  • The web console uses the time settings of the local machine to determine the current time and to assign the time to display when reviewing Events and Alerts. The sensor uses the time settings of the endpoint to determine local time.

Additional Notes

  • As Event information is sent from the Sensor to the Web Console, the time displayed should reflect that of the machine of the person logged into the Web Console, so all Events are shown as they happened chronologically.
  • It is easier to search for and keep track of EventIDs and AlertIDs, as these are not time-based.
  • Always be aware of any differences in timezone settings between machines in the organization.
  • If the administrators (or security investigators) have different timezone settings from the endpoint, the time displayed in the Web Console may be different from the event time as perceived by the endpoint. Adjust for any time differences when searching for Events.
  • If the administrators (or security investigators) traveled across time zones - previously displayed events will then be shifted to the new timezone. This can make it look like previously seen events have disappeared, when the events are displayed at a different relative time.

Related Content


Was this article helpful? Yes No
0% helpful (0/1)
Article Information
Author:
Creation Date:
‎08-04-2016
Views:
1386
Contributors