Carbon Black Cloud: What are the differences between the searchable timestamps in the console?
search cancel

Carbon Black Cloud: What are the differences between the searchable timestamps in the console?

book

Article ID: 291550

calendar_today

Updated On:

Products

Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

Why is there a difference between backend_timestamp, created_timestamp, device_timestamp and event_timestamp?

Environment

Carbon Black Cloud Console: All Versions

Resolution

event_timestamp
  • Timestamp reported by the sensor when the event occurred
device_timestamp
  • Sensor-reported timestamp of the batch of events in which this record was submitted to the Carbon Black Cloud console
backend_timestamp
  • Timestamp in which Carbon Black Cloud processed and enabled the data for searching; occurs after ingress_time; may differ from device_timestamp by a few minutes due to asynchronous processing
created_timestamp
  • Timestamp that is created every time the process analysis page is loaded and is used internally for CBC systems and not relevant to customers

Additional Information

More information on timestamps can be reviewed in the article below

https://developer.carbonblack.com/reference/carbon-black-cloud/platform/latest/platform-search-fields/
Powered by Wolken Software