logo

Knowledge Base

Access official resources from Carbon Black experts

Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Cb Response: Discrepancy On Watchlist Run Time and Results Last Update Time on Watchlist Page

Cb Response: Discrepancy On Watchlist Run Time and Results Last Update Time on Watchlist Page

Environment

  • Cb Response Server: 6.X

Question

Why on watchlist page, the last run time of watchlist on the left panel has a big discrepancy than the last up time of processes on the right panel?

Answer

  • The left side only updates when there is a new process instance match found by watchlist search cron job. 
  • The right side is a live process search. Like you do a query search on Process Search page. When you click on the watchlist name, system runs a live process search and present you results. A process instance has start time and update time. The process got started at one timestamp, and when it has a new event we give it an update time. So the UPDATE time you are seeing is the last time this process instance has a new event. 

Labels (1)
Labels:
Tags (2)
Was this article helpful? Yes No
No ratings
Article Information
Author:
CB_Support
Creation Date:
‎09-10-2018
Views:
421
Contributors
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.