Closed amallais-transit closed 1 year ago
Are you able to try the development builds? I've done away with the ';' separators so this is likely fixed.
If not that's ok. I'll be able to try soon but likely not this week.
I could, but do I need to update the agent too ? If I can just replace the server, I can try later today
I could, but do I need to update the agent too ? If I can just replace the server, I can try later today
You can just update the server. Are you using Elasticsearch or SQLite? If elastic you can downgrade without issue. If SQLite, well I haven't tested that scenario yet as a lot of work has gone into sqlite.
Ok, so I tried updating to the unstable branch.
Now I cannot click on any IP in the reports -> alerts so I cannot test here
In the main inbox, there is now only a archive button. Filter on is gone, Escalate is gone. so I'm not sure how I can test if the issue is resolved :/
Oh. Sorry to have guided you here. The 0.16.0 had a lot of nits in the UI. Some I fixed by disabling to get back to and this is one. Noted.
well, for what it matters, clicking on IP details or SID "inside" an alert, does add the filter the correct way. So I think yes the unstable version works correctly regarding filters.
Re-added, and fixed in master branch.
example of bad query string : /inbox;q=alert.signature_id:10002317
If I modify it in the url bar directly and replace the ; with a ? it works
same happens if I open reports -> alerts, then select an IP the query string looks like this : /#/events;q=%2B"10.10.100.11"
Entering the filter in the filter box works as normal.
I can provide more details about my setup if needed.