When trying to filter results in Red Canary, the date filters just are not working at all. This is happening on the Endpoints page as well as on Confirmed Threats when trying to filter for detections between Dec 10, 2020 and May 10, 2021.
My filter syntax is:
... but I am continuously getting 0 results even though I can see there are detections that were published in this timeframe.
For date searches, a filter should be used to yield the best results.
published_at: . In this case, the filter below would work:
This can be a bit misleading, as if you filter based on something like adware you get results just fine, while a filter like acknowledged doesn't yield the expected results. The reason is that for certain values, a filter (or field) is required to search against that field's values. Best practice is to use the appropriate filter when conducting searches in Red Canary.