logo

Knowledge Base

Access official resources from Carbon Black experts

Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Carbon Black Cloud: What are the differences between the searchable timestamps in the console?

Carbon Black Cloud: What are the differences between the searchable timestamps in the console?

Environment

Carbon Black Cloud Console: All Versions

Question

Why is there a difference between backend_timestamp, created_timestamp, device_timestamp and event_timestamp?

Answer

event_timestamp
  • Timestamp reported by the sensor when the event occurred
device_timestamp
  • Sensor-reported timestamp of the batch of events in which this record was submitted to the Carbon Black Cloud console
backend_timestamp
  • Timestamp in which Carbon Black Cloud processed and enabled the data for searching; occurs after ingress_time; may differ from device_timestamp by a few minutes due to asynchronous processing
created_timestamp
  • Timestamp that is created every time the process analysis page is loaded and is used internally for CBC systems and not relevant to customers

Additional Notes

More information on timestamps can be reviewed in the article below

Search Fields - Processes and Enriched Events - Carbon Black Developer Network

Was this article helpful? Yes No
No ratings
Article Information
Author:
CB_Support
Creation Date:
‎01-19-2022
Views:
504
Contributors
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.