Last Event Time in alert dialog does not correlate with logs


Article ID: 262857


Products

Security Analytics, Security Analytics - VA

Issue/Introduction

The Alert page in Security Analytics (SA) has several fields, including one called Last Event Time. It may be difficult to correlate the Last Event Time with the actual alert, especially when the Last Event Time shows a more recent date than the Initial Alert Time. In the screenshot below, the Initial and Last Event time are the same.

Environment

Release 8.2.7 and earlier

Cause

This bug is normally more evident in a Central Manager setup. There is a potential problem where, even though the Initial Alert Time is static, the CMC keeps getting updates, leading the user to believe that the alert is continuing to occur.

Resolution

This will be resolved in SA version 8.2.8. Until then, the Last Event Time can be ignored. The Initial Alert Time is accurate and can be trusted.