When trying to filter results in Red Canary, the date filters just are not working at all. This is happening on the Endpoints page as well as on Threats when trying to filter for threats between Dec 10, 2020 and May 10, 2021.
My filter syntax is:
... but I am continuously getting 0 results even though I can see there are threats that were published in this timeframe.
For date searches, an attribute filter should be used to yield the best results.
For instance, filter against the published_at: attribute. In this case, the filter below would work:
This can be a bit misleading: if you filter on something like adware you get results just fine, while a filter like acknowledged doesn’t yield the expected results. The reason is that for certain values, an attribute filter is required to search against that field's values. Best practice is to use the appropriate attribute filter when conducting searches in Red Canary.
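To make the free-text-versus-attribute distinction in the answer concrete, here is an added toy search model written for this page; it is not Red Canary's code, and it does not reproduce Red Canary's actual filter syntax. It assumes a small set of constructed threat records, assumes that only descriptive text fields (here just classification) are in the free-text index while state and published_at are attributes, and uses a hypothetical field:START..END syntax for date ranges. With those assumptions, a bare date or the word acknowledged returns nothing, while the same values as attribute filters work.

```python
from datetime import date, datetime
from typing import Dict, List, Optional, Tuple

# Constructed sample threat records; ids, values and timestamps are made up
# for this example and are not real Red Canary data.
THREATS: List[Dict[str, str]] = [
    {"id": "T1", "classification": "adware", "state": "acknowledged",
     "published_at": "2021-01-15T10:00:00Z"},
    {"id": "T2", "classification": "malware", "state": "acknowledged",
     "published_at": "2020-06-01T08:30:00Z"},
    {"id": "T3", "classification": "adware", "state": "open",
     "published_at": "2021-03-02T17:45:00Z"},
    {"id": "T4", "classification": "suspicious activity", "state": "remediated",
     "published_at": "2019-11-20T12:00:00Z"},
]

# Model assumption: the free-text index covers only descriptive text fields.
# Status and timestamp values are attributes and must be addressed by name.
TEXT_FIELDS = ("classification",)
ATTRIBUTE_FIELDS = ("classification", "state", "published_at")
DATE_FIELDS = ("published_at",)


def _to_date(value: str) -> date:
    """Parse a bare YYYY-MM-DD or an ISO-8601 timestamp with a Z suffix."""
    return datetime.fromisoformat(value.replace("Z", "+00:00")).date()


def parse_query(query: str) -> List[Tuple[Optional[str], str]]:
    """Split a query into (field, value) terms.

    A term without a colon is free text; field:value is an attribute filter.
    Hypothetical syntax for this model: a date range is field:START..END.
    """
    terms: List[Tuple[Optional[str], str]] = []
    for token in query.split():
        if ":" in token:
            field, value = token.split(":", 1)
            if field not in ATTRIBUTE_FIELDS:
                raise ValueError(f"unknown attribute: {field}")
            terms.append((field, value))
        else:
            terms.append((None, token))
    return terms


def _match_term(record: Dict[str, str], field: Optional[str], value: str) -> bool:
    """Evaluate one term against one record."""
    if field is None:
        # Free text: substring match over the indexed text fields only, so a
        # date or a status word never matches here.
        return any(value.lower() in record[f].lower() for f in TEXT_FIELDS)
    if field in DATE_FIELDS:
        when = _to_date(record[field])
        if ".." not in value:
            return when == _to_date(value)
        start, _, end = value.partition("..")
        lo = _to_date(start) if start else date.min
        hi = _to_date(end) if end else date.max
        return lo <= when <= hi
    # Plain attribute: exact, case-insensitive comparison.
    return record[field].lower() == value.lower()


def search(records: List[Dict[str, str]], query: str) -> List[str]:
    """Return the ids of records matching every term in the query (AND semantics)."""
    terms = parse_query(query)
    return [r["id"] for r in records
            if all(_match_term(r, f, v) for f, v in terms)]


if __name__ == "__main__":
    for q in ("adware", "acknowledged", "state:acknowledged", "2020-12-10",
              "published_at:2020-12-10..2021-05-10",
              "adware state:acknowledged published_at:2020-12-10..2021-05-10"):
        print(f"{q!r:>62} -> {search(THREATS, q)}")
```

Running the block prints the free-text queries for acknowledged and 2020-12-10 returning an empty list, while state:acknowledged and the published_at: range return the matching ids; the final combined query shows that attribute terms and free-text terms compose.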