Hosted EDR: Timestamps From Forwarded Data From Hosted EDR Server Are Incorrectly Formatted

Hosted EDR: Timestamps From Forwarded Data From Hosted EDR Server Are Incorrectly Formatted

search cancel

Hosted EDR: Timestamps From Forwarded Data From Hosted EDR Server Are Incorrectly Formatted

book

Article ID: 287263

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

Timestamps from data forwarded from Hosted EDR Server to Splunk are incorrectly formatted.
Fix referenced in https://docs.splunk.com/Documentation/Splunk/8.0.1/ReleaseNotes/FixDatetimexml2020 already applied.

Environment

Hosted EDR: 6.5.2 and Higher

Cause

Related to issue described in CB-30343.

Resolution

There is no resolution or workaround for this issue at this time.

Additional Information

The Splunk app for Hosted EDR is no longer compatible with the Hosted EDR product.
The following are the currently supported connectors for Hosted EDR: https://community.carbonblack.com/t5/Knowledge-Base/CB-Response-Cloud-What-are-the-Supported-Vendors-for-the-CB/ta-p/66493

Feedback

thumb_up Yes

thumb_down No