EDR: Inconsistent Results When Using the Custom Timeframe Search from the Drop-down on Process Search Page
search cancel

EDR: Inconsistent Results When Using the Custom Timeframe Search from the Drop-down on Process Search Page

book

Article ID: 289094

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

  • Searches using a custom time frame can sometimes show inconsistent results over smaller time periods (1-2 days)

Environment

  • EDR (formerly CB Response) Console: 6.2.4 and Higher
  • Process Search page

Cause

  • Appears to be a repeatable defect that is being investigated in EA-13970

Resolution

There is no resolution at this time, because this issue is still under investigation.

Additional Information

  • Workaround: You can use the '+ Add Search Terms' function to specify a time period and the results should show consistently.
    • Set the Time dropdown for ALL TIME, then Click '+Add Search Terms'
    • Choose Criteria dropdown > Time > Last Event received
    • Click the radio button for the After/Before section and put in the date
    • Click Add Terms
Powered by Wolken Software