Enterprise EDR API: Results for legacy_alert_id different when using create_time or first_event_time
Article ID: 286382
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Issue/Introduction
- API queries that match on legacy_alert_id return different results depending on whether create_time or first_event_time is used
Environment
- Enterprise EDR API
- Enterprise EDR Sensor
Cause
- A bug was found in how searches were executed against CB Analytics and VMware Carbon Black Cloud Enterprise EDR data, which caused the values to be matched incorrectly
Resolution
- The fix for this has been implemented. If this issue occurs for you, please open a Support Case.