Cb Response: Watchlist search_timestamp field format different for binary and event based watchlists
Article ID: 290105
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
- search_timestamp in the watchlist_entries table shows the UTC timezone (Z) on timestamps for binary watchlists and watchlists that have never run
- search_timestamp in the watchlist_entries table does not show the UTC timezone (Z) on timestamps for the event based watchlists
Environment
- Cb Response Server: 6.2.3 and Higher
Cause
There was an update in 6.2.3 that started adding the timezone to binary watchlists
Resolution
There is no resolution at this time. An internal action item (CB-22808) was added to update event based watchlist timestamps to match.
Additional Information
- Both formats are still in Unicode and should not affect any behavior within the Response environment
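Scripts that read search_timestamp directly from watchlist_entries, for example to check that watchlists are still running, have to accept both forms before comparing them. The following Python is an added example, not Carbon Black code. It assumes ISO 8601-style values and that the event based values without Z are also UTC; the watchlist names and timestamps are constructed.

```python
from datetime import datetime, timedelta, timezone


def parse_search_timestamp(raw):
    """Return a timezone-aware UTC datetime for either search_timestamp form."""
    text = raw.strip()
    if text.endswith(("Z", "z")):
        # Binary watchlists (6.2.3 and higher) carry the explicit UTC marker.
        text = text[:-1] + "+00:00"
    parsed = datetime.fromisoformat(text)
    if parsed.tzinfo is None:
        # Assumption: event based values without "Z" are still UTC.
        parsed = parsed.replace(tzinfo=timezone.utc)
    return parsed.astimezone(timezone.utc)


def stale_watchlists(rows, now, max_age):
    """Names of watchlists whose last search is older than max_age."""
    stale = []
    for name, raw in rows:
        # Both operands are aware datetimes, so the subtraction cannot raise
        # the naive/aware TypeError that mixing the two raw forms would.
        if now - parse_search_timestamp(raw) > max_age:
            stale.append(name)
    return stale


# Constructed sample rows: (watchlist name, search_timestamp).
SAMPLE_ROWS = [
    ("binary-watchlist", "2019-06-03T14:05:09.123Z"),
    ("event-watchlist", "2019-06-03T14:05:09.123"),
    ("old-event-watchlist", "2019-06-01T02:00:00.000"),
]

if __name__ == "__main__":
    now = datetime(2019, 6, 3, 15, 0, 0, tzinfo=timezone.utc)
    print(stale_watchlists(SAMPLE_ROWS, now, timedelta(days=1)))
```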