Enterprise EDR API: Results for legacy_alert_id different when using create_time or first_event_time

Enterprise EDR API: Results for legacy_alert_id different when using create_time or first_event_time

search cancel

Enterprise EDR API: Results for legacy_alert_id different when using create_time or first_event_time

book

Article ID: 286382

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense) Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

API queries matching on legacy_alert_id show different results if using create_time or first_event_time

Environment

Enterprise EDR API
Enterprise EDR Sensor

Cause

A Bug was found in how searches were executed with CB Analytics and VMware Carbon Black Cloud Enterprise EDR data that incorrectly matched the values

Resolution

The fix for this has been implemented. If this issue occurs for you please open a Support Case.

Feedback

thumb_up Yes

thumb_down No