Carbon Black Cloud: When are timestamps used in PID values for API results determined?
search cancel

Carbon Black Cloud: When are timestamps used in PID values for API results determined?

book

Article ID: 288691

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense) Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

  • When are timestamps used in PID values for API results determined?

Environment

  • Carbon Black Cloud Event Forwarder API

Resolution

Time stamp values are set from process start

Additional Information

When gathering API data the process fields may show as similar to below 
123-1610280010-1
In these cases the first section is the PID for the Process in question. The second portion is the Epoch Timestamp for when the Process started. This example is for January 10th, 12:00:10 PM GMT, but can show for Events at later dates. 






 
Powered by Wolken Software