Carbon Black Cloud: Why are events and alerts showing with date/time in the future?
search cancel

Carbon Black Cloud: Why are events and alerts showing with date/time in the future?

book

Article ID: 287689

calendar_today

Updated On:

Products

Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

Why are events and alerts showing with dates in the future?

Environment

Carbon Black Cloud Console: All Versions
Carbon Black Cloud Sensor: All Versions
 

Resolution

  • Caused by anomalous changes to the endpoint's system time which the sensor relies on to assign timestamps to events/alerts. 
  • Most commonly occurs when system time changes backwards then forwards

Additional Information

The backend tries to account for this with a "sensor drift" calculation. In cases with potentially large time discrepancies on the endpoint, this results in pushing events into the future.
Powered by Wolken Software