2.3.1 Alerts search broken? #1651
Hi there. First time user of Security Onion. Started out with a 2.3.1 ISO installation. Seems to be working, but the Alerts page seems to be broken, I think. If I simply navigate to Alerts from the left side menu, a list of events is displayed in the search results. If I try to change any of the search filters, all events disappear from the results. It seems to be related to the ?range= URL parameter on the /api/events/?query=event.dataset:alert GET request. When one navigates to Alerts from the side menu, range is set to an empty value, and many events are returned. When changing any of the search filters, range gets set to a value such as the following, and no events are returned in the request:
The range URL parameter relates to the "Last" filter field at the top of the Alerts page. Of course it didn't seem to matter how broad a time range is set here. Anyone else experiencing this?
Replies: 3 comments
The Alerts page works fine for me. Are you accessing the installation locally using the Analyst desktop or are you accessing it from a remote web browser? What web browser are you using? What timezone are you in? Any clues in the logs?
The issue with navigating to Alerts or Hunt for the first time after logging into SOC, and it not using the correct time range, will be corrected in the next release.
Looks like it was a temporary issue for me as well. Since logging into SO again a day later, the Alerts section has started behaving normally. Very much looking forward to exploring SO further now! Impressive project so far. Compliments to all the chefs. :) Thank you!