By default the CA Data Protection (DataMinder) iConsole displays the timestamp associated with the time an event (email) was processed by the Data Protection system. Where real-time protection is employed (ie End point integration) this usually coincides with the timestamp when the event (email) was sent. However this can differ if the event is imported at a later stage and occasionally where the timestamps have been manufactured (i.e. spam). As a result there may be some discrepancies between the timestamp in the iConsole timestamp column and the the timestamp in the event summary pane.
<Please see attached file for image>
Two common reasons for discrepancies are detailed below:
Applicable to all Data Protection (DataMinder) builds.
Where an event is ingested via import the import job can be configured to use either the process timestamp or the event timestamp. This is achieved by editing the import configuration file (i.e. import.ini) and adding the following syntax (Defaults to Yes):
EMail.EventDateFromEMail=Yes or No
If this parameter is set to 'Yes' the timestamp reflects the time and date in the email, based on the delivery time or time sent, if the email does not contain the delivery time or time sent, the Event Import process sets the timestamp to the time of import.
If this parameter is set to 'No', the timestamp reflects the time of import.