What timestamp is shown for incidents from different timezones than Enforce?

book

Article ID: 159626

calendar_today

Updated On:

Products

Data Loss Prevention Endpoint Prevent

Issue/Introduction

Questions:

If an Endpoint resides in a different timezone, what time shows in the Enforce Server?

If a Cloud or other detector detects incidents in other timezones what time shows in Enforce?

Resolution

The occurred on time within the incident snapshot of an Endpoint incident is based on the time stated on the Endpoint Agent machine.  The time is then modified to the local time of the Enforce Server. (+/- hours in accordance to timezone.)

 

For example, an Endpoint Agent is in Salt Lake City, which is MST.  The Enforce Server is in Los Angeles, in PST.  MST is one hour ahead of PST. 

 

The incident occurs at 2:00 PM MST. 

The occurred on time in the incident reads 1:00 PM.

Reported on time is the time that the incident is processed by the Enforce Server in the timezone of the Enforce Server.

 

This process works the same for cloud detectors and all other incidents for that matter.