EDR: Event Timestamps are from the Future or in the Past
Article ID: 284755
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
- Events appear with timestamps from several weeks to years in the future or past from when the event actually occurred
Environment
- EDR Server: All Supported Versions
- EDR Sensor: All Supported Versions
Cause
The clock on the endpoint is incorrect
Resolution
The sensor event dates are based on the endpoint's clock. The time must be adjusted on the endpoint to reflect a correct date/time
Additional Information
Sensor clock delta can be checked on the sensor dashboard in the EDR web UI
Feedback
Yes
No
Powered by
