Cb Response: Discrepancy On Watchlist Run Time and Results Last Update Time on Watchlist Page
search cancel

Cb Response: Discrepancy On Watchlist Run Time and Results Last Update Time on Watchlist Page

book

Article ID: 289739

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

Why on watchlist page, the last run time of watchlist on the left panel has a big discrepancy than the last up time of processes on the right panel?

Environment

  • Cb Response Server: 6.X

Resolution

  • The left side only updates when there is a new process instance match found by watchlist search cron job. 
  • The right side is a live process search. Like you do a query search on Process Search page. When you click on the watchlist name, system runs a live process search and present you results. A process instance has start time and update time. The process got started at one timestamp, and when it has a new event we give it an update time. So the UPDATE time you are seeing is the last time this process instance has a new event. 
Powered by Wolken Software