Cb Response: Watchlist search_timestamp field format different for binary and event based watchlists
search cancel

Cb Response: Watchlist search_timestamp field format different for binary and event based watchlists

book

Article ID: 290105

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

  • search_timestamp in the watchlist_entries table show the UTC timezone (Z) timstamps on binary watchlists and watchlists that have never run
  • search_timestamp in the watchlist_entries table does not show the UTC timezone (Z) on timestamps for the event based watchlists

Environment

  • Cb Response Server: 6.2.3 and Higher

Cause

There was an update in 6.2.3 that started adding the timezone to binary watchlists

Resolution

There is no resolution at this time, an internal action item was added to update event based watchlist timestamps to match - CB-22808

Additional Information

  • Both formats are still in Unicode and should not affect any behavior within the Response environment 
Powered by Wolken Software