Hi! Today I got a report which was generated by these criteria: (Event Received Time Is within the last 1 Days and Threat Type Does not equal access protection and Threat Name Does not equal "none")
However, I got a report which has the entries shown in the attached picture. I want to know why events were generated beyond the date specified in the criteria (the report should contain events from 28/03, but in fact there are events from the year '15)?
Your report shows event generated time, and your criteria seem to be event received time. There can be a delay between the event on a device and the event ending up on ePO, since it is a store-and-forward architecture: devices can be down/offline, and ASCI plays a role.
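
The effect described in the answer, as an added example that is not part of the original thread and not ePO code: the question's criteria are applied to a handful of constructed events, and the rows whose generated time is far older than their received time are separated out. The field names, the threat names, the report run time (including the year 2016) and the one-day lag threshold are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

NOW = datetime(2016, 3, 28, 18, 0)  # assumed report run time (year is an assumption)

def ev(name, ttype, generated, received):
    return {"threat_name": name, "threat_type": ttype,
            "generated": generated, "received": received}

# Constructed events; field names are illustrative, not ePO's schema.
EVENTS = [
    # Online device: detected and uploaded the same morning.
    ev("Constructed.Virus.A", "virus",
       datetime(2016, 3, 28, 9, 15), datetime(2016, 3, 28, 9, 40)),
    # Device offline for months: old detection, uploaded on reconnect.
    ev("Constructed.Trojan.B", "trojan",
       datetime(2015, 11, 2, 14, 3), datetime(2016, 3, 28, 8, 5)),
    # Excluded by the Threat Type criterion.
    ev("Constructed.Rule.C", "access protection",
       datetime(2016, 3, 28, 10, 0), datetime(2016, 3, 28, 10, 5)),
    # Excluded: received more than one day before the report ran.
    ev("Constructed.Virus.D", "virus",
       datetime(2016, 3, 20, 11, 0), datetime(2016, 3, 20, 11, 30)),
    # Excluded by the Threat Name criterion.
    ev("none", "virus",
       datetime(2016, 3, 28, 12, 0), datetime(2016, 3, 28, 12, 10)),
]

def report(events, now, window=timedelta(days=1)):
    """Apply the question's criteria: the time filter is on *received* only."""
    return [e for e in events
            if now - window <= e["received"] <= now
            and e["threat_type"].lower() != "access protection"
            and e["threat_name"].lower() != "none"]

def backlog(rows, max_lag=timedelta(days=1)):
    """Rows uploaded long after they were generated on the device."""
    return [e for e in rows if e["received"] - e["generated"] > max_lag]

if __name__ == "__main__":
    rows = report(EVENTS, NOW)
    late = backlog(rows)
    for e in rows:
        flag = "BACKLOG" if e in late else "fresh"
        print(f'generated {e["generated"]:%Y-%m-%d %H:%M}  '
              f'received {e["received"]:%Y-%m-%d %H:%M}  {flag}  {e["threat_name"]}')
```

A report that should only show recent detections would need a criterion on the generated time as well; the backlog rows are still worth reviewing, since they are detections the server only learned about late.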