
Carbon Black Cloud: Why are events and alerts showing with date/time in the future?

Environment

Carbon Black Cloud Console: All Versions
Carbon Black Cloud Sensor: All Versions
 

Question

Why are events and alerts showing with dates in the future?

Answer

  • Future-dated events and alerts are caused by anomalous changes to the endpoint's system time, which the sensor relies on to assign timestamps to events and alerts.
  • This most commonly occurs when the system time changes backwards and then forwards.

Additional Notes

The backend tries to account for this with a "sensor drift" calculation. When the time discrepancies on the endpoint are potentially large, this calculation results in events being pushed into the future.
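The following added example (not Carbon Black code) replays a constructed timeline in which an endpoint clock is set back 3 hours and then restored, to show how a drift correction can overshoot. The drift model used here (backend time minus endpoint time at the last check-in, added to later event timestamps) is an assumption for illustration, not the product's actual calculation, and all names and times are hypothetical.

```python
from datetime import datetime, timedelta, timezone

# Constructed timeline; every value below is sample data.
BASE = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
BACK = timedelta(hours=3)  # size of the backwards clock change


def at(minutes):
    return BASE + timedelta(minutes=minutes)


# (true backend time, endpoint clock reading) at each sensor check-in.
# The clock goes back at +10 min and is restored at +20 min.
CHECKINS = [(at(0), at(0)), (at(15), at(15) - BACK), (at(30), at(30))]
# (true time, endpoint clock reading) for each event the sensor records.
EVENTS = [(at(5), at(5)), (at(17), at(17) - BACK),
          (at(25), at(25)), (at(35), at(35))]


def replay(checkins, events):
    """Apply the assumed drift model and return (true, corrected, skew) rows."""
    rows = []
    for true_t, endpoint_t in events:
        prior = [c for c in sorted(checkins) if c[0] <= true_t]
        # Assumed model: drift measured at the most recent check-in.
        drift = prior[-1][0] - prior[-1][1] if prior else timedelta(0)
        corrected = endpoint_t + drift
        rows.append((true_t, corrected, corrected - true_t))
    return rows


def future_dated(rows, tolerance=timedelta(minutes=5)):
    """Rows whose corrected timestamp is ahead of true time beyond tolerance."""
    return [r for r in rows if r[2] > tolerance]


if __name__ == "__main__":
    for true_t, corrected, skew in replay(CHECKINS, EVENTS):
        flag = "FUTURE" if skew > timedelta(minutes=5) else "ok"
        print(f"{true_t:%H:%M} -> {corrected:%H:%M} skew={skew} {flag}")
```

In this model the event recorded while the clock is wrong is corrected properly, while the event recorded after the clock is restored, but before the next check-in refreshes the drift value, lands 3 hours in the future.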

Article Information

Creation Date: 05-06-2022