Hello
I have a more theoretical question regarding the operation of the console: the start time and end time values of the event in the system match.
It is right? Is it possible that something is configured incorrectly?
Thanks in advance
Bohdan
Cybersecurity
DevOps Cloud (ADM)
IT Operations Cloud
Hello
I have a more theoretical question regarding the operation of the console: the start time and end time values of the event in the system match.
It is right? Is it possible that something is configured incorrectly?
Thanks in advance
Bohdan
Hello Bohdan,
just to clarify:
- Start Time and End Time are information taken from the event itself.
- Agent Recipet Time is the time added by the Smart Connector once the event is received.
- Manager Recepit Time is the time added by ESM once the event is received.
Start Time and End Time matching is normal behavior which indicates that the event started and ended at the same time and that's information provided by the device.
Few examples of when you should start to worry :
- if the Start Time / End Time ( 01 June 2000 12:49:00 for example ) is way different than the Agent Recipet time ( 19 June 2024 12:49:00) you need to look at how the time is configured on the End Device that sent the events and configure properly the time.
- if Agent Recipet time ( 19 June 2024 08:49:00 ) is lower than Manager Recepit Time ( 19 June 2024 12:49:00) that means the connector is caching or queuing and took a few hours for the events to be received.
Best Regards,
Daniel