diff --git a/metron-interface/metron-alerts/e2e/alerts-list/alerts-list.e2e-spec.ts b/metron-interface/metron-alerts/e2e/alerts-list/alerts-list.e2e-spec.ts
index 6b2ffd0b2f..b0574eea06 100644
--- a/metron-interface/metron-alerts/e2e/alerts-list/alerts-list.e2e-spec.ts
+++ b/metron-interface/metron-alerts/e2e/alerts-list/alerts-list.e2e-spec.ts
@@ -147,4 +147,195 @@ describe('metron-alerts App', function() {
 });
+ it('should have all time-range controls', () => {
+ let quickRanges = [
+ 'Last 7 days', 'Last 30 days', 'Last 60 days', 'Last 90 days', 'Last 6 months', 'Last 1 year', 'Last 2 years', 'Last 5 years',
+ 'Yesterday', 'Day before yesterday', 'This day last week', 'Previous week', 'Previous month', 'Previous year', 'All time',
+ 'Today', 'Today so far', 'This week', 'This week so far', 'This month', 'This year',
+ 'Last 5 minutes', 'Last 15 minutes', 'Last 30 minutes', 'Last 1 hour', 'Last 3 hours', 'Last 6 hours', 'Last 12 hours', 'Last 24 hours'
+ ];
+
+ page.clickDateSettings();
+ expect(page.getTimeRangeTitles()).toEqual(['Time Range', 'Quick Ranges']);
+ expect(page.getQuickTimeRanges()).toEqual(quickRanges);
+ expect(page.getValueForManualTimeRange()).toEqual([ 'now', 'now' ]);
+ expect(page.isManulaTimeRangeApplyButtonPresent()).toEqual(true);
+ expect(page.getTimeRangeButtonText()).toEqual('All time');
+ page.clickDateSettings();
+
+ });
+
+ it('should have all time range values populated - 1', () => {
+ let secInADay = (24 * 60 * 60 * 1000);
+
+ page.clickClearSearch();
+ expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz(['All time'], 'for all-time');
+
+ page.clickDateSettings();
+ page.selectQuickTimeRange('Last 7 days');
+ expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz(['Last 7 days', String(secInADay * 7)], 'for last 7 days');
+
+ page.clickDateSettings();
+ page.selectQuickTimeRange('Last 30 days');
+ expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz(['Last 30 days', String(secInADay * 30)], 'for last 30 days');
+
+ page.clickDateSettings();
+ page.selectQuickTimeRange('Last 60 days');
+ expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz(['Last 60 days', String(secInADay * 60)], 'for last 60 days');
+
+ page.clickDateSettings();
+ page.selectQuickTimeRange('Last 90 days');
+ expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz(['Last 90 days', String(secInADay * 90)], 'for last 90 days');
+
+
+ page.clickDateSettings();
+ page.selectQuickTimeRange('Last 1 year');
+ expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz(['Last 1 year', String(secInADay * 365)], 'for last 1 year');
+
+ page.clickDateSettings();
+ page.selectQuickTimeRange('Last 2 years');
+ expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz(['Last 2 years', String((secInADay * 365 * 2) + secInADay)], 'for last 2 years');
+
+ page.clickDateSettings();
+ page.selectQuickTimeRange('Last 5 years');
+ expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz(['Last 5 years', String((secInADay * 365 * 5) + secInADay)], 'for last 5 years');
+
+ page.clickClearSearch();
+ });
+
+ it('should have all time range values populated - 2', () => {
+ let secInADay = (24*60*60*1000);
+
+ page.clickDateSettings();
+ page.selectQuickTimeRange('Yesterday');
+ expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz([ 'Yesterday', String(secInADay - 1000)], 'yesterday');
+
+ page.clickDateSettings();
+ page.selectQuickTimeRange('Day before yesterday');
+ expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz([ 'Day before yesterday', String(secInADay - 1000)], 'day before yesterday');
+
+ page.clickDateSettings();
+ page.selectQuickTimeRange('This day last week');
+ expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz([ 'This day last week', String(secInADay - 1000)], 'this day last week');
+
+ page.clickDateSettings();
+ page.selectQuickTimeRange('Previous week');
+ expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz([ 'Previous week', String((secInADay * 7) - (1000))], 'for previous week');
+
+ page.clickClearSearch();
+ });
+
+ it('should have all time range values populated - 3', () => {
+ let secInADay = (24*60*60*1000);
+
+ page.clickDateSettings();
+ page.selectQuickTimeRange('Today');
+ expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz([ 'Today', String(secInADay - 1000)], 'for today');
+
+ page.clickDateSettings();
+ page.selectQuickTimeRange('This week');
+ expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz([ 'This week', String((secInADay*7) - 1000)], 'for this week');
+
+ page.clickClearSearch();
+ });
+
+ it('should have all time range values populated - 4', () => {
+ let secInADay = (24*60*60*1000);
+
+ page.clickDateSettings();
+ page.selectQuickTimeRange('Last 5 minutes');
+ expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz([ 'Last 5 minutes', String(5 * 60 * 1000)], 'for last 5 minutes');
+
+ page.clickDateSettings();
+ page.selectQuickTimeRange('Last 15 minutes');
+ expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz([ 'Last 15 minutes', String(15 * 60 * 1000)], 'for last 15 minutes');
+
+ page.clickDateSettings();
+ page.selectQuickTimeRange('Last 30 minutes');
+ expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz([ 'Last 30 minutes', String(30 * 60 * 1000)], 'for last 30 minutes');
+
+ page.clickDateSettings();
+ page.selectQuickTimeRange('Last 1 hour');
+ expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz([ 'Last 1 hour', String(60 * 60 * 1000)], 'for last 1 hour');
+
+ page.clickDateSettings();
+ page.selectQuickTimeRange('Last 3 hours');
+ expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz([ 'Last 3 hours', String(3 * 60 * 60 * 1000)], 'for last 3 hours');
+
+ page.clickDateSettings();
+ page.selectQuickTimeRange('Last 6 hours');
+ expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz([ 'Last 6 hours', String(6 * 60 * 60 * 1000)], 'for last 6 hours');
+
+ page.clickDateSettings();
+ page.selectQuickTimeRange('Last 12 hours');
+ expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz([ 'Last 12 hours', String(12 * 60 * 60 * 1000)], 'for last 12 hours');
+
+ page.clickDateSettings();
+ page.selectQuickTimeRange('Last 24 hours');
+ expect(page.getTimeRangeButtonAndSubText()).toEqualBcoz([ 'Last 24 hours', String(24 * 60 * 60 * 1000)], 'for last 24 hours');
+
+ page.clickClearSearch();
+ });
+
+ it('should disable date picker when timestamp is present in search', () => {
+ page.clickTableText('2017-09-13 18:02:20');
+ expect(page.isDateSeettingDisabled()).toEqual(true);
+
+ page.clickClearSearch();
+ expect(page.isDateSeettingDisabled()).toEqual(false);
+
+ page.clickTableText('alerts_ui_e2e');
+ expect(page.isDateSeettingDisabled()).toEqual(false);
+
+ page.clickClearSearch();
+ });
+
+ it('should have now included when to date is empty', () => {
+ page.clickDateSettings();
+ page.setDate(0, '2017', 'September', '13', '23', '29', '35');
+ page.selectTimeRangeApplyButton();
+ expect(page.getTimeRangeButtonTextForNow()).toEqual([ 'Date Range', '2017-09-13 23:29:35 to now' ]);
+
+ page.clickClearSearch();
+ });
+
+ it('should have all time-range included while searching', () => {
+ page.clearLocalStorage();
+ page.clickDateSettings();
+
+ /* Select Last 5years for time range */
+ page.selectQuickTimeRange('Last 5 years');
+ expect(page.getTimeRangeButtonText()).toEqual('Last 5 years');
+
+ /* Select custom date for time range */
+ page.clickDateSettings();
+ page.setDate(0, '2017', 'September', '13', '23', '29', '35');
+ page.setDate(1, '2017', 'September', '13', '23', '29', '40');
+ page.selectTimeRangeApplyButton();
+ expect(page.getChangesAlertTableTitle('Alerts (169)')).toEqual('Alerts (5)');
+
+ /* Save custom date in saved searches */
+ page.saveSearch('e2e-2');
+ page.clickSavedSearch();
+ expect(page.getRecentSearchOptions()).toContain('timestamp:last-5-years', 'for recent search options');
+ expect(page.getSavedSearchOptions()).toEqual(['e2e-2'],
+ 'for saved search options');
+ page.clickCloseSavedSearch();
+
+ /* Clear Search should should show all rows */
+ page.clickClearSearch();
+ expect(page.getChangesAlertTableTitle('Alerts (5)')).toEqual('Alerts (169)');
+
+ /* Load the saved search */
+ page.clickSavedSearch();
+ page.loadSavedSearch('e2e-2');
+ expect(page.getChangesAlertTableTitle('Alerts (169)')).toEqual('Alerts (5)');
+
+ /* Load recent search */
+ page.clickSavedSearch();
+ page.loadRecentSearch('last-5-years');
+ expect(page.getChangesAlertTableTitle('Alerts (5)')).toEqual('Alerts (169)');
+
+ });
+
 });
diff --git a/metron-interface/metron-alerts/e2e/alerts-list/alerts-list.po.ts b/metron-interface/metron-alerts/e2e/alerts-list/alerts-list.po.ts
index 7fee303647..4a97917365 100644
--- a/metron-interface/metron-alerts/e2e/alerts-list/alerts-list.po.ts
+++ b/metron-interface/metron-alerts/e2e/alerts-list/alerts-list.po.ts
@@ -17,7 +17,7 @@
 */
 import {browser, element, by, protractor} from 'protractor';
-import {waitForElementVisibility, waitForElementPresence} from '../utils/e2e_util';
+import {waitForElementVisibility, waitForElementPresence, waitForElementInVisibility} from '../utils/e2e_util';
 export class MetronAlertsPage {
 navigateTo() {
@@ -124,7 +124,7 @@ export class MetronAlertsPage {
 }
 getSettingsLabels() {
- return element.all(by.css('form label:not(.switch)')).getText();
+ return element.all(by.css('app-configure-rows form label:not(.switch)')).getText();
 }
 getRefreshRateOptions() {
@@ -152,12 +152,14 @@ export class MetronAlertsPage {
 }
 clickConfigureTable() {
- element(by.css('app-alerts-list .fa.fa-cog.configure-table-icon')).click();
+ let gearIcon = element(by.css('app-alerts-list .fa.fa-cog.configure-table-icon'));
+ waitForElementVisibility(gearIcon).then(() => gearIcon.click());
 browser.sleep(1000);
 }
 clickCloseSavedSearch() {
 element(by.css('app-saved-searches .close-button')).click();
+ browser.sleep(2000);
 }
 clickSavedSearch() {
@@ -170,7 +172,7 @@ export class MetronAlertsPage {
 }
 clickTableText(name: string) {
- waitForElementPresence(element.all(by.css('app-table-view tbody tr'))).then(() => element.all(by.linkText(name)).get(0).click());
+ waitForElementPresence(element.all(by.css('app-table-view tbody tr a'))).then(() => element.all(by.linkText(name)).get(0).click());
 }
 clickClearSearch() {
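Review bot: The duration expectations in 'should have all time range values populated - 1' depend on the calendar of the day the suite runs: `String(secInADay * 365)` for 'Last 1 year' and the extra `+ secInADay` on 'Last 2 years' and 'Last 5 years' are only right when exactly that many leap days fall inside the window, so these assertions will flip in other years. The value under test is computed in getTimeRangeButtonAndSubText by parsing the displayed from/to strings with `new Date(...)`; if those strings carry no zone offset (I cannot confirm that from this hunk) a DST change inside any day-based range shifts the difference by an hour as well. The constant also holds milliseconds, not seconds, and is redeclared with `let` in four tests; hoist one `const dayInMs = 24 * 60 * 60 * 1000;` into the describe and compute the 'Last N years' expectations from the two dates instead of a fixed 365-day year.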
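Review bot: In clickConfigureTable (hunk at -152) the chain `waitForElementVisibility(gearIcon).then(() => gearIcon.click())` is neither returned nor awaited, so unless the suite still runs under the WebDriver control flow (not visible here) the fixed `browser.sleep(1000)` is all that orders the click before the caller's next step, and a rejected wait surfaces as an unhandled promise instead of a failed step. Return the chain and hang the sleep on it: `return waitForElementVisibility(gearIcon).then(() => gearIcon.click()).then(() => browser.sleep(1000));`. The same detached-chain shape is kept in clickTableText in the hunk at -170 and in setDate in the later hunk of this file.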
@@ -195,26 +197,22 @@ export class MetronAlertsPage {
 getRecentSearchOptions() {
 browser.sleep(1000);
- let map = {};
- let recentSearches = element.all(by.css('app-saved-searches metron-collapse')).get(0);
- return recentSearches.all(by.css('a')).getText().then(title => {
- return recentSearches.all(by.css('.collapse.show')).getText().then(values => {
- map[title] = values;
- return map;
- });
- });
+ return element(by.linkText('Recent Searches')).element(by.xpath('..')).all(by.css('li')).getText();
+ }
+
+ getDefaultRecentSearchValue() {
+ browser.sleep(1000);
+ return element(by.linkText('Recent Searches')).element(by.xpath('..')).all(by.css('i')).getText();
 }
 getSavedSearchOptions() {
 browser.sleep(1000);
- let map = {};
- let recentSearches = element.all(by.css('app-saved-searches metron-collapse')).get(1);
- return recentSearches.all(by.css('a')).getText().then(title => {
- return recentSearches.all(by.css('.collapse.show')).getText().then(values => {
- map[title] = values;
- return map;
- });
- });
+ return element(by.linkText('Saved Searches')).element(by.xpath('..')).all(by.css('li')).getText();
+ }
+
+ getDefaultSavedSearchValue() {
+ browser.sleep(1000);
+ return element(by.linkText('Saved Searches')).element(by.xpath('..')).all(by.css('i')).getText();
 }
 getSelectedColumnNames() {
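Review bot: The four getters in this hunk duplicate the locator `element(by.linkText(...)).element(by.xpath('..'))` and the `browser.sleep(1000)`, differing only in the link text and whether `li` or `i` is read. A private helper `private searchSection(title: string) { return element(by.linkText(title)).element(by.xpath('..')); }` would reduce each method to one line and keep the two sections aligned when the markup changes. getDefaultRecentSearchValue and getDefaultSavedSearchValue also need a one-line comment; from the save-search spec in this diff they appear to read the placeholder `<i>` text shown when the list is empty, which the selector alone does not convey.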
@@ -288,8 +286,108 @@ export class MetronAlertsPage {
 });
 }
+ isDateSeettingDisabled() {
+ return element.all(by.css('app-time-range button.btn.btn-search[disabled=""]')).count().then((count) => { return (count === 1); });
+ }
+
+ clickDateSettings() {
+ element(by.css('app-time-range button.btn-search')).click();
+ browser.sleep(2000);
+ }
+
+ getTimeRangeTitles() {
+ return element.all(by.css('app-time-range .title')).getText();
+ }
+
+ getQuickTimeRanges() {
+ return element.all(by.css('app-time-range .quick-ranges span')).getText();
+ }
+
+ getValueForManualTimeRange() {
+ return element.all(by.css('app-time-range input.form-control')). getAttribute('value');
+ }
+
+ isManulaTimeRangeApplyButtonPresent() {
+ return element.all(by.css('app-time-range')).all(by.buttonText('APPLY')).count().then(count => count === 1);
+ }
+
+ selectQuickTimeRange(quickRange: string) {
+ element.all(by.cssContainingText('.quick-ranges span', quickRange)).get(0).click();
+ browser.sleep(2000);
+ }
+
+ getTimeRangeButtonText() {
+ return element.all(by.css('app-time-range button.btn-search span')).get(0).getText();
+ }
+
+ setDate(index: number, year: string, month: string, day: string, hour: string, min: string, sec: string) {
+ element.all(by.css('app-time-range .calendar')).get(index).click()
+ .then(() => element.all(by.css('.pika-select.pika-select-hour')).get(index).click())
+ .then(() => element.all(by.css('.pika-select.pika-select-hour')).get(index).element(by.cssContainingText('option', hour)).click())
+ .then(() => element.all(by.css('.pika-select.pika-select-minute')).get(index).click())
+ .then(() => element.all(by.css('.pika-select.pika-select-minute')).get(index).element(by.cssContainingText('option', min)).click())
+ .then(() => element.all(by.css('.pika-select.pika-select-second')).get(index).click())
+ .then(() => element.all(by.css('.pika-select.pika-select-second')).get(index).element(by.cssContainingText('option', sec)).click())
+ .then(() => element.all(by.css('.pika-select.pika-select-year')).get(index).click())
+ .then(() => element.all(by.css('.pika-select.pika-select-year')).get(index).element(by.cssContainingText('option', year)).click())
+ .then(() => element.all(by.css('.pika-select.pika-select-month')).get(index).click())
+ .then(() => element.all(by.css('.pika-select.pika-select-month')).get(index).element(by.cssContainingText('option', month)).click())
+ .then(() => element.all(by.css('.pika-table')).get(index).element(by.buttonText(day)).click())
+ .then(() => waitForElementInVisibility(element.all(by.css('.pika-single')).get(index)));
+
+ browser.sleep(1000);
+ }
+
+ selectTimeRangeApplyButton() {
+ return element(by.css('app-time-range')).element(by.buttonText('APPLY')).click();
+ }
+
+ getChangesAlertTableTitle(previousText: string) {
+ // browser.pause();
+ let title = element(by.css('.col-form-label-lg'));
+ return this.waitForTextChange(title, previousText).then(() => {
+ return title.getText();
+ });
+ }
+
 getAlertStatusById(id: string) {
 return element(by.css('a[title="' + id +'"]'))
 .element(by.xpath('../..')).all(by.css('td a')).get(8).getText();
 }
+
+ loadSavedSearch(name: string) {
+ element.all(by.css('app-saved-searches metron-collapse')).get(1).element(by.css('li[title="'+ name +'"]')).click();
+ browser.sleep(1000);
+ }
+
+ loadRecentSearch(name: string) {
+ element.all(by.css('app-saved-searches metron-collapse')).get(0).all(by.css('li')).get(2).click();
+ browser.sleep(1000);
+ }
+
+ getTimeRangeButtonTextForNow() {
+ return element.all(by.css('app-time-range button span')).getText();
+ }
+
+ getTimeRangeButtonAndSubText() {
+ return waitForElementInVisibility(element(by.css('#time-range')))
+ .then(() => element.all(by.css('app-time-range button span')).getText())
+ .then(arr => {
+ let retArr = [arr[0]];
+ for (let i=1; i < arr.length; i++) {
+ let dateStr = arr[i].split(' to ');
+ let fromTime = new Date(dateStr[0]).getTime();
+ let toTime = new Date(dateStr[1]).getTime();
+ retArr.push((toTime - fromTime) + '');
+ }
+ return retArr;
+ });
+ }
+
+ renameColumn(name: string, value: string) {
+ element(by.cssContainingText('app-configure-table span', name))
+ .element(by.xpath('../..'))
+ .element(by.css('.input')).sendKeys(value);
+ }
+
 }
diff --git a/metron-interface/metron-alerts/e2e/alerts-list/configure-table/configure-table.e2e-spec.ts b/metron-interface/metron-alerts/e2e/alerts-list/configure-table/configure-table.e2e-spec.ts
index 08349601ee..ddad558078 100644
--- a/metron-interface/metron-alerts/e2e/alerts-list/configure-table/configure-table.e2e-spec.ts
+++ b/metron-interface/metron-alerts/e2e/alerts-list/configure-table/configure-table.e2e-spec.ts
@@ -56,6 +56,28 @@ describe('metron-alerts configure table', function() {
 page.toggleSelectCol('guid', 'method');
 expect(page.getSelectedColumnNames()).toEqualBcoz(newColNamesColumnConfig, 'for guid added to selected column names');
 page.saveConfigureColumns();
+ });
+
+ it('should rename columns from table configuration', () => {
+ page.clearLocalStorage();
+ page.navigateTo();
+
+ page.clickConfigureTable();
+ page.renameColumn('enrichments:geo:ip_dst_addr:country', 'Country');
+ page.saveConfigureColumns();
+
+ page.clickTableText('FR');
+ expect(page.getSearchText()).toEqual('Country:FR');
+ expect(page.getChangesAlertTableTitle('Alerts (169)')).toEqual('Alerts (25)');
+ page.clickClearSearch();
+
+ expect(page.getChangesAlertTableTitle('Alerts (25)')).toEqual('Alerts (169)');
+ page.setSearchText('Country:FR');
+ expect(page.getChangesAlertTableTitle('Alerts (169)')).toEqual('Alerts (25)');
+ page.clickClearSearch();
+
+ let columnNames = ['Score','id', 'timestamp','source:type','ip_src_addr','Country','ip_dst_addr','host','alert_status','',''];
+ expect(page.getTableColumnNames()).toEqualBcoz(columnNames, 'for renamed column names for alert list table');
 });
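Review bot: loadRecentSearch(name: string) ignores its `name` parameter and clicks the third `li` of the first metron-collapse unconditionally, so `page.loadRecentSearch('last-5-years')` in the spec only works while that entry happens to sit at index 2; select by text instead, `element.all(by.css('app-saved-searches metron-collapse')).get(0).element(by.cssContainingText('li', name)).click();`, which matches 'timestamp:last-5-years' by substring, mirroring loadSavedSearch just above it. In getTimeRangeButtonAndSubText the from/to halves are parsed with `new Date(dateStr[0])`; the spec expects strings like `2017-09-13 23:29:35`, which is not an ISO-8601 form, so the parse is engine-dependent and can yield NaN outside Chrome — normalise the string (e.g. `replace(' ', 'T')`) before parsing. Also, isDateSeettingDisabled and isManulaTimeRangeApplyButtonPresent are public names with typos that the spec now depends on, and the commented-out `// browser.pause();` in getChangesAlertTableTitle should go.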
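Review bot: `let columnNames = [...]` in the new test is never reassigned and should be `const`, and its two trailing `''` entries are unexplained — if they stand for unlabelled action columns at the end of the table (I cannot confirm that from this hunk) say so in a comment such as `// two trailing '' entries: unlabelled action columns`. The counts 'Alerts (169)' and 'Alerts (25)' are properties of the fixture alerts_ui_e2e_index.data changed in this same diff; a short comment naming that file next to the first expectation would save the next reader a search when the data changes.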
diff --git a/metron-interface/metron-alerts/e2e/alerts-list/save-search/save-search.e2e-spec.ts b/metron-interface/metron-alerts/e2e/alerts-list/save-search/save-search.e2e-spec.ts
index b6062849c7..350f11efa1 100644
--- a/metron-interface/metron-alerts/e2e/alerts-list/save-search/save-search.e2e-spec.ts
+++ b/metron-interface/metron-alerts/e2e/alerts-list/save-search/save-search.e2e-spec.ts
@@ -47,8 +47,10 @@ describe('metron-alerts Search', function() {
 page.clickSavedSearch();
 expect(page.getSavedSearchTitle()).toEqualBcoz('Searches', 'for saved searches title');
- expect(page.getRecentSearchOptions()).toEqualBcoz({ 'Recent Searches': [ 'No Recent Searches' ] }, 'for recent search options');
- expect(page.getSavedSearchOptions()).toEqualBcoz({ 'Saved Searches': [ 'No Saved Searches' ] }, 'for saved search options');
+ expect(page.getRecentSearchOptions()).toEqualBcoz([], 'for recent search options');
+ expect(page.getSavedSearchOptions()).toEqualBcoz([], 'for saved search options');
+ expect(page.getDefaultRecentSearchValue()).toEqualBcoz([ 'No Recent Searches' ], 'for recent search default value');
+ expect(page.getDefaultSavedSearchValue()).toEqualBcoz([ 'No Saved Searches' ], 'for saved search default value');
 page.clickCloseSavedSearch();
 });
@@ -56,7 +58,7 @@ describe('metron-alerts Search', function() {
 it('should have all save search controls and they save search should be working', () => {
 page.saveSearch('e2e-1');
 page.clickSavedSearch();
- expect(page.getSavedSearchOptions()).toEqualBcoz({ 'Saved Searches': [ 'e2e-1' ] }, 'for saved search options e2e-1');
+ expect(page.getSavedSearchOptions()).toEqualBcoz([ 'e2e-1' ], 'for saved search options e2e-1');
 page.clickCloseSavedSearch();
 });
diff --git a/metron-interface/metron-alerts/e2e/mock-data/alerts_ui_e2e_index.data b/metron-interface/metron-alerts/e2e/mock-data/alerts_ui_e2e_index.data
index f75c220ff0..e3ffbe7804 100644
--- a/metron-interface/metron-alerts/e2e/mock-data/alerts_ui_e2e_index.data
+++ b/metron-interface/metron-alerts/e2e/mock-data/alerts_ui_e2e_index.data
@@ -209,25 +209,25 @@ {"create": { "_id": "72f00fcd-2347-d75b-5c0a-08086f9e2a23"}} {"enrichments:geo:ip_dst_addr:locID":"2973783","bro_timestamp":1505325676512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575571","enrichmentsplitterbolt:splitter:begin:ts":"1492671569374","enrichmentjoinbolt:joiner:ts":"1492671574179","adapter:geoadapter:begin:ts":"1492671574076","enrichments:geo:ip_dst_addr:latitude":"48.5839","uid":"CHVSUC3iOxb3UpVxWd","trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574844","original_string":"HTTP | id.orig_p:49194 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/?60dbe33b908e0086292196ef001816bc tags:[] uid:CHVSUC3iOxb3UpVxWd trans_depth:1 host:62.75.195.236 status_msg:OK id.orig_h:192.168.138.158 response_body_len:0 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671567.0 id.resp_h:62.75.195.236","ip_dst_addr":"62.75.195.236","adapter:hostfromjsonlistadapter:end:ts":"1492671569378","host":"62.75.195.236","adapter:geoadapter:end:ts":"1492671574076","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574181","enrichments:geo:ip_dst_addr:longitude":"7.7455","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 
6.0)","timestamp":1505325676512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671569375","request_body_len":0,"enrichments:geo:ip_dst_addr:city":"Strasbourg","enrichments:geo:ip_dst_addr:postalCode":"67100","adapter:hostfromjsonlistadapter:begin:ts":"1492671569378","uri":"/?60dbe33b908e0086292196ef001816bc","tags":[],"ip_src_port":49194,"threatintelsplitterbolt:splitter:begin:ts":"1492671574181","adapter:threatinteladapter:begin:ts":"1492671574844","status_msg":"OK","guid":"72f00fcd-2347-d75b-5c0a-08086f9e2a23","enrichments:geo:ip_dst_addr:country":"FR","response_body_len":0} {"create": { "_id": "dcb3afed-1b68-d88a-7adb-f38183867920"}} -{"enrichments:geo:ip_dst_addr:locID":"2973783","bro_timestamp":1505325677512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575571","enrichmentsplitterbolt:splitter:begin:ts":"1492671569382","enrichmentjoinbolt:joiner:ts":"1492671574179","adapter:geoadapter:begin:ts":"1492671574076","enrichments:geo:ip_dst_addr:latitude":"48.5839","uid":"CZOU9CQKfQzbTKGZ8","resp_mime_types":["application/x-shockwave-flash"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574844","original_string":"HTTP | id.orig_p:49185 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/ tags:[] uid:CZOU9CQKfQzbTKGZ8 referrer:http://va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in/?285a4d4e4e5a4d4d4649584c5d43064b4745 resp_mime_types:[\"application\\/x-shockwave-flash\"] trans_depth:1 host:ubb67.3c147o.u806a4.w07d919.o5f.f1.b80w.r0faf9.e8mfzdgrf7g0.groupprograms.in status_msg:OK id.orig_h:192.168.138.158 response_body_len:8973 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671567.0 id.resp_h:62.75.195.236 
resp_fuids:[\"F95sxB3DPck4oMGLmc\"]","ip_dst_addr":"62.75.195.236","adapter:hostfromjsonlistadapter:end:ts":"1492671569387","host":"ubb67.3c147o.u806a4.w07d919.o5f.f1.b80w.r0faf9.e8mfzdgrf7g0.groupprograms.in","adapter:geoadapter:end:ts":"1492671574076","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574182","enrichments:geo:ip_dst_addr:longitude":"7.7455","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["F95sxB3DPck4oMGLmc"],"timestamp":1505325677512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671569382","request_body_len":0,"enrichments:geo:ip_dst_addr:city":"Strasbourg","enrichments:geo:ip_dst_addr:postalCode":"67100","adapter:hostfromjsonlistadapter:begin:ts":"1492671569387","uri":"/","tags":[],"referrer":"http://va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in/?285a4d4e4e5a4d4d4649584c5d43064b4745","ip_src_port":49185,"threatintelsplitterbolt:splitter:begin:ts":"1492671574181","adapter:threatinteladapter:begin:ts":"1492671574844","status_msg":"OK","guid":"dcb3afed-1b68-d88a-7adb-f38183867920","enrichments:geo:ip_dst_addr:country":"FR","response_body_len":8973} +{"enrichments:geo:ip_dst_addr:locID":"2973783","bro_timestamp":1505325677512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575571","enrichmentsplitterbolt:splitter:begin:ts":"1492671569382","enrichmentjoinbolt:joiner:ts":"1492671574179","adapter:geoadapter:begin:ts":"1492671574076","enrichments:geo:ip_dst_addr:latitude":"48.5839","uid":"CZOU9CQKfQzbTKGZ8","resp_mime_types":["application/x-shockwave-flash"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574844","original_string":"HTTP | id.orig_p:49185 status_code:200 method:GET 
request_body_len:0 id.resp_p:80 uri:/ tags:[] uid:CZOU9CQKfQzbTKGZ8 referrer:http://va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in/?285a4d4e4e5a4d4d4649584c5d43064b4745 resp_mime_types:[\"application\\/x-shockwave-flash\"] trans_depth:1 host:ubb67.3c147o.u806a4.w07d919.o5f.f1.b80w.r0faf9.e8mfzdgrf7g0.groupprograms.in status_msg:OK id.orig_h:192.168.138.158 response_body_len:8973 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671567.0 id.resp_h:62.75.195.236 resp_fuids:[\"F95sxB3DPck4oMGLmc\"]","ip_dst_addr":"62.75.195.236","adapter:hostfromjsonlistadapter:end:ts":"1492671569387","host":"ubb67.3c147o.u806a4.w07d919.o5f.f1.b80w.r0faf9.e8mfzdgrf7g0.groupprograms.in","adapter:geoadapter:end:ts":"1492671574076","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574182","enrichments:geo:ip_dst_addr:longitude":"7.7455","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["F95sxB3DPck4oMGLmc"],"timestamp":1505370580000,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671569382","request_body_len":0,"enrichments:geo:ip_dst_addr:city":"Strasbourg","enrichments:geo:ip_dst_addr:postalCode":"67100","adapter:hostfromjsonlistadapter:begin:ts":"1492671569387","uri":"/","tags":[],"referrer":"http://va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in/?285a4d4e4e5a4d4d4649584c5d43064b4745","ip_src_port":49185,"threatintelsplitterbolt:splitter:begin:ts":"1492671574181","adapter:threatinteladapter:begin:ts":"1492671574844","status_msg":"OK","guid":"dcb3afed-1b68-d88a-7adb-f38183867920","enrichments:geo:ip_dst_addr:country":"FR","response_body_len":8973} {"create": { "_id": "50d6e395-0f31-a9c3-143e-25d7f44aadde"}} 
{"enrichments:geo:ip_dst_addr:locID":"2973783","bro_timestamp":1505325678512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575571","enrichmentsplitterbolt:splitter:begin:ts":"1492671569383","enrichmentjoinbolt:joiner:ts":"1492671574179","adapter:geoadapter:begin:ts":"1492671574076","enrichments:geo:ip_dst_addr:latitude":"48.5839","uid":"Cn2j4crCA6ckU3XP5","trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574844","original_string":"HTTP | id.orig_p:49190 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/?b2566564b3ba1a38e61c83957a7dbcd5 tags:[] uid:Cn2j4crCA6ckU3XP5 trans_depth:1 host:62.75.195.236 status_msg:OK id.orig_h:192.168.138.158 response_body_len:0 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671567.0 id.resp_h:62.75.195.236","ip_dst_addr":"62.75.195.236","adapter:hostfromjsonlistadapter:end:ts":"1492671569387","host":"62.75.195.236","adapter:geoadapter:end:ts":"1492671574076","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574182","enrichments:geo:ip_dst_addr:longitude":"7.7455","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 
6.0)","timestamp":1505325678512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671569383","request_body_len":0,"enrichments:geo:ip_dst_addr:city":"Strasbourg","enrichments:geo:ip_dst_addr:postalCode":"67100","adapter:hostfromjsonlistadapter:begin:ts":"1492671569387","uri":"/?b2566564b3ba1a38e61c83957a7dbcd5","tags":[],"ip_src_port":49190,"threatintelsplitterbolt:splitter:begin:ts":"1492671574182","adapter:threatinteladapter:begin:ts":"1492671574844","status_msg":"OK","guid":"50d6e395-0f31-a9c3-143e-25d7f44aadde","enrichments:geo:ip_dst_addr:country":"FR","response_body_len":0} {"create": { "_id": "e90a5ca0-599d-05f2-18c4-13b563606f2e"}} -{"bro_timestamp":1505325679512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575571","enrichmentsplitterbolt:splitter:begin:ts":"1492671569383","enrichmentjoinbolt:joiner:ts":"1492671574179","adapter:geoadapter:begin:ts":"1492671574076","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"Cx8Ucg1r67RywyWab1","resp_mime_types":["image/png"],"trans_depth":4,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574845","original_string":"HTTP | id.orig_p:49205 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/img/bitcoin.png tags:[] uid:Cx8Ucg1r67RywyWab1 referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:4 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:5523 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671567.0 id.resp_h:95.163.121.204 
resp_fuids:[\"F3XRx03OXSVJ1iQGhe\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671569387","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574076","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574182","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["F3XRx03OXSVJ1iQGhe"],"timestamp":1505325679512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671569384","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671569387","uri":"/img/bitcoin.png","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49205,"threatintelsplitterbolt:splitter:begin:ts":"1492671574182","adapter:threatinteladapter:begin:ts":"1492671574844","status_msg":"OK","guid":"e90a5ca0-599d-05f2-18c4-13b563606f2e","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":5523} +{"bro_timestamp":1505325679512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575571","enrichmentsplitterbolt:splitter:begin:ts":"1492671569383","enrichmentjoinbolt:joiner:ts":"1492671574179","adapter:geoadapter:begin:ts":"1492671574076","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"Cx8Ucg1r67RywyWab1","resp_mime_types":["image/png"],"trans_depth":4,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574845","original_string":"HTTP | id.orig_p:49205 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/img/bitcoin.png tags:[] uid:Cx8Ucg1r67RywyWab1 referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:4 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 
response_body_len:5523 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671567.0 id.resp_h:95.163.121.204 resp_fuids:[\"F3XRx03OXSVJ1iQGhe\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671569387","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574076","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574182","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["F3XRx03OXSVJ1iQGhe"],"timestamp":1505370580000,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671569384","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671569387","uri":"/img/bitcoin.png","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49205,"threatintelsplitterbolt:splitter:begin:ts":"1492671574182","adapter:threatinteladapter:begin:ts":"1492671574844","status_msg":"OK","guid":"e90a5ca0-599d-05f2-18c4-13b563606f2e","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":5523} {"create": { "_id": "fdb3c737-37fb-8bdf-6ace-78e8c41972a7"}} {"bro_timestamp":1505325680512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671575571","enrichmentsplitterbolt:splitter:begin:ts":"1492671569384","enrichmentjoinbolt:joiner:ts":"1492671574179","adapter:geoadapter:begin:ts":"1492671574076","uid":"CUrRne3iLIxXavQtci","trans_depth":32,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574845","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 
uri:/api/v1/clusters/metron_cluster/services?fields=ServiceInfo/state,ServiceInfo/maintenance_state,components/ServiceComponentInfo/component_name&minimal_response=true&_=1484168473040 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:32 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671567.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671569387","host":"node1","adapter:geoadapter:end:ts":"1492671574076","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574182","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36","timestamp":1505325680512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671569384","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671569387","uri":"/api/v1/clusters/metron_cluster/services?fields=ServiceInfo/state,ServiceInfo/maintenance_state,components/ServiceComponentInfo/component_name&minimal_response=true&_=1484168473040","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671574182","adapter:threatinteladapter:begin:ts":"1492671574845","guid":"fdb3c737-37fb-8bdf-6ace-78e8c41972a7","response_body_len":0} {"create": { "_id": "735fcf0d-58f6-1b6a-9e33-8d94bc5a1be0"}} {"bro_timestamp":1505325681512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671575571","enrichmentsplitterbolt:splitter:begin:ts":"1492671569387","enrichmentjoinbolt:joiner:ts":"1492671574179","adapter:geoadapter:begin:ts":"1492671574076","uid":"CUrRne3iLIxXavQtci","trans_depth":22,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574850","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 
id.resp_p:8080 uri:/api/v1/clusters/metron_cluster/requests?to=end&page_size=10&fields=Requests&_=1484168417107 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:22 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671567.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671569389","host":"node1","adapter:geoadapter:end:ts":"1492671574077","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574182","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36","timestamp":1505325681512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671569387","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671569389","uri":"/api/v1/clusters/metron_cluster/requests?to=end&page_size=10&fields=Requests&_=1484168417107","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671574182","adapter:threatinteladapter:begin:ts":"1492671574850","guid":"735fcf0d-58f6-1b6a-9e33-8d94bc5a1be0","response_body_len":0} {"create": { "_id": "09552ace-9c09-8069-a3f0-73e146579030"}} -{"bro_timestamp":1505325682512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575571","enrichmentsplitterbolt:splitter:begin:ts":"1492671569388","enrichmentjoinbolt:joiner:ts":"1492671574179","adapter:geoadapter:begin:ts":"1492671574077","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"C5UfKV32U65H7ojqJd","resp_mime_types":["image/png"],"trans_depth":2,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574850","original_string":"HTTP | id.orig_p:49205 status_code:200 method:GET 
request_body_len:0 id.resp_p:80 uri:/img/flags/us.png tags:[] uid:C5UfKV32U65H7ojqJd referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:2 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:825 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671567.0 id.resp_h:95.163.121.204 resp_fuids:[\"FZKJP2gGkPyTrWpLe\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671569392","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574077","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574182","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FZKJP2gGkPyTrWpLe"],"timestamp":1505325682512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671569388","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671569391","uri":"/img/flags/us.png","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49205,"threatintelsplitterbolt:splitter:begin:ts":"1492671574182","adapter:threatinteladapter:begin:ts":"1492671574850","status_msg":"OK","guid":"09552ace-9c09-8069-a3f0-73e146579030","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":825} 
+{"bro_timestamp":1505325682512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575571","enrichmentsplitterbolt:splitter:begin:ts":"1492671569388","enrichmentjoinbolt:joiner:ts":"1492671574179","adapter:geoadapter:begin:ts":"1492671574077","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"C5UfKV32U65H7ojqJd","resp_mime_types":["image/png"],"trans_depth":2,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574850","original_string":"HTTP | id.orig_p:49205 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/img/flags/us.png tags:[] uid:C5UfKV32U65H7ojqJd referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:2 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:825 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671567.0 id.resp_h:95.163.121.204 resp_fuids:[\"FZKJP2gGkPyTrWpLe\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671569392","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574077","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574182","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 
6.0)","resp_fuids":["FZKJP2gGkPyTrWpLe"],"timestamp":1505370580000,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671569388","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671569391","uri":"/img/flags/us.png","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49205,"threatintelsplitterbolt:splitter:begin:ts":"1492671574182","adapter:threatinteladapter:begin:ts":"1492671574850","status_msg":"OK","guid":"09552ace-9c09-8069-a3f0-73e146579030","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":825} {"create": { "_id": "1ff42d27-d69b-eab5-a2ca-7875ebf8336e"}} {"TTLs":[29],"qclass_name":"C_INTERNET","bro_timestamp":1505325683512,"qtype_name":"A","ip_dst_port":53,"threatinteljoinbolt:joiner:ts":"1492671575571","qtype":1,"rejected":false,"answers":["62.75.195.236"],"enrichmentsplitterbolt:splitter:begin:ts":"1492671569393","enrichmentjoinbolt:joiner:ts":"1492671574179","trans_id":62139,"adapter:geoadapter:begin:ts":"1492671574077","uid":"C1fDU21X4Ys3xP7137","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574850","original_string":"DNS | AA:false TTLs:[29.0] qclass_name:C_INTERNET id.orig_p:50683 qtype_name:A qtype:1 rejected:false id.resp_p:53 query:r03afd2.c3008e.xc07r.b0f.a39.h7f0fa5eu.vb8fbl.e8mfzdgrf7g0.groupprograms.in answers:[\"62.75.195.236\"] trans_id:62139 rcode:0 rcode_name:NOERROR TC:false RA:true uid:C1fDU21X4Ys3xP7137 RD:true proto:udp id.orig_h:192.168.138.158 Z:0 qclass:1 ts:1492671567.0 
id.resp_h:192.168.138.2","ip_dst_addr":"192.168.138.2","adapter:hostfromjsonlistadapter:end:ts":"1492671569395","Z":0,"adapter:geoadapter:end:ts":"1492671574077","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574182","qclass":1,"timestamp":1505325683512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671569393","query":"r03afd2.c3008e.xc07r.b0f.a39.h7f0fa5eu.vb8fbl.e8mfzdgrf7g0.groupprograms.in","rcode":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671569395","rcode_name":"NOERROR","TC":false,"RA":true,"RD":true,"ip_src_port":50683,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671574182","adapter:threatinteladapter:begin:ts":"1492671574850","guid":"1ff42d27-d69b-eab5-a2ca-7875ebf8336e"} {"create": { "_id": "ae14f2cf-6cc5-941f-2c98-9ce9b6e0bf81"}} {"qclass_name":"C_INTERNET","bro_timestamp":1505325684512,"qtype_name":"A","ip_dst_port":53,"threatinteljoinbolt:joiner:ts":"1492671575571","qtype":1,"rejected":false,"enrichmentsplitterbolt:splitter:begin:ts":"1492671569399","enrichmentjoinbolt:joiner:ts":"1492671574179","trans_id":6088,"adapter:geoadapter:begin:ts":"1492671574077","uid":"CqrOfMusHaczrDBz8","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574850","original_string":"DNS | AA:false qclass_name:C_INTERNET id.orig_p:50509 qtype_name:A qtype:1 rejected:false id.resp_p:53 query:kritischerkonsum.uni-koeln.de trans_id:6088 rcode:0 rcode_name:NOERROR TC:false RA:false uid:CqrOfMusHaczrDBz8 RD:true proto:udp id.orig_h:192.168.138.158 Z:0 qclass:1 ts:1492671567.0 
id.resp_h:192.168.138.2","ip_dst_addr":"192.168.138.2","adapter:hostfromjsonlistadapter:end:ts":"1492671569401","Z":0,"adapter:geoadapter:end:ts":"1492671574077","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574182","qclass":1,"timestamp":1505325684512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671569399","query":"kritischerkonsum.uni-koeln.de","rcode":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671569401","rcode_name":"NOERROR","TC":false,"RA":false,"RD":true,"ip_src_port":50509,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671574182","adapter:threatinteladapter:begin:ts":"1492671574850","guid":"ae14f2cf-6cc5-941f-2c98-9ce9b6e0bf81"} {"create": { "_id": "a105fca8-ec40-a98f-b64e-06e4d97a800f"}} -{"bro_timestamp":1505325685512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575623","enrichmentsplitterbolt:splitter:begin:ts":"1492671573715","enrichmentjoinbolt:joiner:ts":"1492671574181","adapter:geoadapter:begin:ts":"1492671574077","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"CsUjA541poEzvhMfuf","resp_mime_types":["image/png"],"trans_depth":4,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574850","original_string":"HTTP | id.orig_p:49205 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/img/bitcoin.png tags:[] uid:CsUjA541poEzvhMfuf referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:4 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:5523 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671571.0 id.resp_h:95.163.121.204 
resp_fuids:[\"FGcm94EWzm8st4LQj\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671573729","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574077","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574186","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FGcm94EWzm8st4LQj"],"timestamp":1505325685512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671573715","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671573729","uri":"/img/bitcoin.png","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49205,"threatintelsplitterbolt:splitter:begin:ts":"1492671574186","adapter:threatinteladapter:begin:ts":"1492671574850","status_msg":"OK","guid":"a105fca8-ec40-a98f-b64e-06e4d97a800f","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":5523} +{"bro_timestamp":1505325685512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575623","enrichmentsplitterbolt:splitter:begin:ts":"1492671573715","enrichmentjoinbolt:joiner:ts":"1492671574181","adapter:geoadapter:begin:ts":"1492671574077","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"CsUjA541poEzvhMfuf","resp_mime_types":["image/png"],"trans_depth":4,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574850","original_string":"HTTP | id.orig_p:49205 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/img/bitcoin.png tags:[] uid:CsUjA541poEzvhMfuf referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:4 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 
response_body_len:5523 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671571.0 id.resp_h:95.163.121.204 resp_fuids:[\"FGcm94EWzm8st4LQj\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671573729","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574077","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574186","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FGcm94EWzm8st4LQj"],"timestamp":1505370580000,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671573715","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671573729","uri":"/img/bitcoin.png","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49205,"threatintelsplitterbolt:splitter:begin:ts":"1492671574186","adapter:threatinteladapter:begin:ts":"1492671574850","status_msg":"OK","guid":"a105fca8-ec40-a98f-b64e-06e4d97a800f","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":5523} {"create": { "_id": "52ad66d7-80e8-9174-17f4-9b8e6e61fbc1"}} -{"bro_timestamp":1505325686512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575623","enrichmentsplitterbolt:splitter:begin:ts":"1492671573812","enrichmentjoinbolt:joiner:ts":"1492671574182","adapter:geoadapter:begin:ts":"1492671574077","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"CFbOTR2z2k8dUYUMmi","resp_mime_types":["image/x-icon"],"trans_depth":2,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574850","original_string":"HTTP | id.orig_p:49207 
status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/favicon.ico tags:[] uid:CFbOTR2z2k8dUYUMmi resp_mime_types:[\"image\\/x-icon\"] trans_depth:2 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:318 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671571.0 id.resp_h:95.163.121.204 resp_fuids:[\"F73miB3YQ8nA17F2Te\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671573815","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574077","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574186","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["F73miB3YQ8nA17F2Te"],"timestamp":1505325686512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671573812","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671573815","uri":"/favicon.ico","tags":[],"ip_src_port":49207,"threatintelsplitterbolt:splitter:begin:ts":"1492671574186","adapter:threatinteladapter:begin:ts":"1492671574850","status_msg":"OK","guid":"52ad66d7-80e8-9174-17f4-9b8e6e61fbc1","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":318} 
+{"bro_timestamp":1505325686512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575623","enrichmentsplitterbolt:splitter:begin:ts":"1492671573812","enrichmentjoinbolt:joiner:ts":"1492671574182","adapter:geoadapter:begin:ts":"1492671574077","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"CFbOTR2z2k8dUYUMmi","resp_mime_types":["image/x-icon"],"trans_depth":2,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574850","original_string":"HTTP | id.orig_p:49207 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/favicon.ico tags:[] uid:CFbOTR2z2k8dUYUMmi resp_mime_types:[\"image\\/x-icon\"] trans_depth:2 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:318 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671571.0 id.resp_h:95.163.121.204 resp_fuids:[\"F73miB3YQ8nA17F2Te\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671573815","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574077","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574186","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 
6.0)","resp_fuids":["F73miB3YQ8nA17F2Te"],"timestamp":1505370580000,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671573812","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671573815","uri":"/favicon.ico","tags":[],"ip_src_port":49207,"threatintelsplitterbolt:splitter:begin:ts":"1492671574186","adapter:threatinteladapter:begin:ts":"1492671574850","status_msg":"OK","guid":"52ad66d7-80e8-9174-17f4-9b8e6e61fbc1","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":318} {"create": { "_id": "ba44eb73-69d8-ccd2-f08b-636f9c15b261"}} {"enrichments:geo:ip_dst_addr:locID":"2973783","bro_timestamp":1505325687512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575623","enrichmentsplitterbolt:splitter:begin:ts":"1492671573813","enrichmentjoinbolt:joiner:ts":"1492671574182","adapter:geoadapter:begin:ts":"1492671574077","enrichments:geo:ip_dst_addr:latitude":"48.5839","uid":"CLKLkp1z9ZWAE0eou","resp_mime_types":["text/html"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574850","original_string":"HTTP | id.orig_p:49186 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/ tags:[] uid:CLKLkp1z9ZWAE0eou referrer:http://va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in/?285a4d4e4e5a4d4d4649584c5d43064b4745 resp_mime_types:[\"text\\/html\"] trans_depth:1 host:r03afd2.c3008e.xc07r.b0f.a39.h7f0fa5eu.vb8fbl.e8mfzdgrf7g0.groupprograms.in status_msg:OK id.orig_h:192.168.138.158 response_body_len:121635 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671571.0 id.resp_h:62.75.195.236 
resp_fuids:[\"FrcnSsZqVzpjB9o3j\"]","ip_dst_addr":"62.75.195.236","adapter:hostfromjsonlistadapter:end:ts":"1492671573817","host":"r03afd2.c3008e.xc07r.b0f.a39.h7f0fa5eu.vb8fbl.e8mfzdgrf7g0.groupprograms.in","adapter:geoadapter:end:ts":"1492671574077","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574186","enrichments:geo:ip_dst_addr:longitude":"7.7455","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FrcnSsZqVzpjB9o3j"],"timestamp":1505325687512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671573813","request_body_len":0,"enrichments:geo:ip_dst_addr:city":"Strasbourg","enrichments:geo:ip_dst_addr:postalCode":"67100","adapter:hostfromjsonlistadapter:begin:ts":"1492671573815","uri":"/","tags":[],"referrer":"http://va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in/?285a4d4e4e5a4d4d4649584c5d43064b4745","ip_src_port":49186,"threatintelsplitterbolt:splitter:begin:ts":"1492671574186","adapter:threatinteladapter:begin:ts":"1492671574850","status_msg":"OK","guid":"ba44eb73-69d8-ccd2-f08b-636f9c15b261","enrichments:geo:ip_dst_addr:country":"FR","response_body_len":121635} {"create": { "_id": "6a437817-ef04-e264-2eef-5edd0b37d280"}} 
@@ -311,11 +311,11 @@ {"create": { "_id": "3cf6c636-ea29-4654-1632-c38a2c130f1c"}} {"bro_timestamp":1505325727512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671594649","enrichmentsplitterbolt:splitter:begin:ts":"1492671594635","enrichmentjoinbolt:joiner:ts":"1492671594643","adapter:geoadapter:begin:ts":"1492671594637","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"CVxPm9xkzN80U39i9","resp_mime_types":["image/png"],"trans_depth":4,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671594647","original_string":"HTTP | id.orig_p:49205 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/img/bitcoin.png tags:[] uid:CVxPm9xkzN80U39i9 referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:4 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:5523 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671593.0 id.resp_h:95.163.121.204 resp_fuids:[\"FOUZap2sbK6jyWeLZ8\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671594637","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671594637","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671594644","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 
6.0)","resp_fuids":["FOUZap2sbK6jyWeLZ8"],"timestamp":1505325727512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671594635","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671594637","uri":"/img/bitcoin.png","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49205,"threatintelsplitterbolt:splitter:begin:ts":"1492671594644","adapter:threatinteladapter:begin:ts":"1492671594647","status_msg":"OK","guid":"3cf6c636-ea29-4654-1632-c38a2c130f1c","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":5523} {"create": { "_id": "fd436051-cfdd-c29a-e07c-a08a83740b23"}} -{"bro_timestamp":1505325728512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671594649","enrichmentsplitterbolt:splitter:begin:ts":"1492671594635","enrichmentjoinbolt:joiner:ts":"1492671594643","adapter:geoadapter:begin:ts":"1492671594638","uid":"CUrRne3iLIxXavQtci","trans_depth":241,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671594647","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster/requests?to=end&page_size=10&fields=Requests&_=1484169388617 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:241 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671593.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671594637","host":"node1","adapter:geoadapter:end:ts":"1492671594638","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671594645","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 
Safari/537.36","timestamp":1505325728512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671594635","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671594637","uri":"/api/v1/clusters/metron_cluster/requests?to=end&page_size=10&fields=Requests&_=1484169388617","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671594644","adapter:threatinteladapter:begin:ts":"1492671594647","guid":"fd436051-cfdd-c29a-e07c-a08a83740b23","response_body_len":0} +{"bro_timestamp":1505325728512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671594649","enrichmentsplitterbolt:splitter:begin:ts":"1492671594635","enrichmentjoinbolt:joiner:ts":"1492671594643","adapter:geoadapter:begin:ts":"1492671594638","uid":"CUrRne3iLIxXavQtci","trans_depth":241,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671594647","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster/requests?to=end&page_size=10&fields=Requests&_=1484169388617 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:241 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671593.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671594637","host":"node1","adapter:geoadapter:end:ts":"1492671594638","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671594645","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 
Safari/537.36","timestamp":1505363380000,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671594635","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671594637","uri":"/api/v1/clusters/metron_cluster/requests?to=end&page_size=10&fields=Requests&_=1484169388617","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671594644","adapter:threatinteladapter:begin:ts":"1492671594647","guid":"fd436051-cfdd-c29a-e07c-a08a83740b23","response_body_len":0} {"create": { "_id": "d41c8e3b-0b86-9084-2f6a-82db51a337fe"}} {"enrichments:geo:ip_dst_addr:locID":"5368361","bro_timestamp":1505325729512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"34.0494,-118.2641","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671594649","enrichments:geo:ip_dst_addr:dmaCode":"803","enrichmentsplitterbolt:splitter:begin:ts":"1492671594635","enrichmentjoinbolt:joiner:ts":"1492671594643","adapter:geoadapter:begin:ts":"1492671594638","enrichments:geo:ip_dst_addr:latitude":"34.0494","uid":"C5DBCB4BP3zJovMQlf","resp_mime_types":["text/plain"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671594647","original_string":"HTTP | id.orig_p:49204 status_code:200 method:POST request_body_len:110 id.resp_p:80 orig_mime_types:[\"text\\/plain\"] uri:/wp-content/themes/grizzly/img5.php?u=ka6nnuvccqlw9 tags:[] uid:C5DBCB4BP3zJovMQlf resp_mime_types:[\"text\\/plain\"] trans_depth:1 orig_fuids:[\"FMZdAx3UlrSOgAQdsj\"] host:comarksecurity.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:14 user_agent:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671593.0 id.resp_h:72.34.49.86 
resp_fuids:[\"FtEGkz1CUNMfkJKrZh\"]","ip_dst_addr":"72.34.49.86","adapter:hostfromjsonlistadapter:end:ts":"1492671594637","host":"comarksecurity.com","adapter:geoadapter:end:ts":"1492671594638","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671594645","enrichments:geo:ip_dst_addr:longitude":"-118.2641","user_agent":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FtEGkz1CUNMfkJKrZh"],"timestamp":1505325729512,"method":"POST","enrichmentsplitterbolt:splitter:end:ts":"1492671594635","request_body_len":110,"enrichments:geo:ip_dst_addr:city":"Los Angeles","enrichments:geo:ip_dst_addr:postalCode":"90014","adapter:hostfromjsonlistadapter:begin:ts":"1492671594637","orig_mime_types":["text/plain"],"uri":"/wp-content/themes/grizzly/img5.php?u=ka6nnuvccqlw9","tags":[],"orig_fuids":["FMZdAx3UlrSOgAQdsj"],"ip_src_port":49204,"threatintelsplitterbolt:splitter:begin:ts":"1492671594645","adapter:threatinteladapter:begin:ts":"1492671594647","status_msg":"OK","guid":"d41c8e3b-0b86-9084-2f6a-82db51a337fe","enrichments:geo:ip_dst_addr:country":"US","response_body_len":14} {"create": { "_id": "777d9c8c-4c97-08bd-09ba-66e9366cccd5"}} -{"TTLs":[29],"qclass_name":"C_INTERNET","bro_timestamp":1505325730512,"qtype_name":"A","ip_dst_port":53,"threatinteljoinbolt:joiner:ts":"1492671594649","qtype":1,"rejected":false,"answers":["62.75.195.236"],"enrichmentsplitterbolt:splitter:begin:ts":"1492671594635","enrichmentjoinbolt:joiner:ts":"1492671594643","trans_id":18350,"adapter:geoadapter:begin:ts":"1492671594638","uid":"CLv9mm30dHjZkUTCSl","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671594647","original_string":"DNS | AA:false TTLs:[29.0] qclass_name:C_INTERNET id.orig_p:60078 qtype_name:A qtype:1 rejected:false id.resp_p:53 
query:va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in answers:[\"62.75.195.236\"] trans_id:18350 rcode:0 rcode_name:NOERROR TC:false RA:true uid:CLv9mm30dHjZkUTCSl RD:true proto:udp id.orig_h:192.168.138.158 Z:0 qclass:1 ts:1492671593.0 id.resp_h:192.168.138.2","ip_dst_addr":"192.168.138.2","adapter:hostfromjsonlistadapter:end:ts":"1492671594638","Z":0,"adapter:geoadapter:end:ts":"1492671594638","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671594645","qclass":1,"timestamp":1505325730512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671594635","query":"va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in","rcode":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671594638","rcode_name":"NOERROR","TC":false,"RA":true,"RD":true,"ip_src_port":60078,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671594645","adapter:threatinteladapter:begin:ts":"1492671594647","guid":"777d9c8c-4c97-08bd-09ba-66e9366cccd5"} +{"TTLs":[29],"qclass_name":"C_INTERNET","bro_timestamp":1505325730512,"qtype_name":"A","ip_dst_port":53,"threatinteljoinbolt:joiner:ts":"1492671594649","qtype":1,"rejected":false,"answers":["62.75.195.236"],"enrichmentsplitterbolt:splitter:begin:ts":"1492671594635","enrichmentjoinbolt:joiner:ts":"1492671594643","trans_id":18350,"adapter:geoadapter:begin:ts":"1492671594638","uid":"CLv9mm30dHjZkUTCSl","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671594647","original_string":"DNS | AA:false TTLs:[29.0] qclass_name:C_INTERNET id.orig_p:60078 qtype_name:A qtype:1 rejected:false id.resp_p:53 query:va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in answers:[\"62.75.195.236\"] trans_id:18350 rcode:0 rcode_name:NOERROR TC:false RA:true uid:CLv9mm30dHjZkUTCSl RD:true proto:udp id.orig_h:192.168.138.158 Z:0 qclass:1 ts:1492671593.0 
id.resp_h:192.168.138.2","ip_dst_addr":"192.168.138.2","adapter:hostfromjsonlistadapter:end:ts":"1492671594638","Z":0,"adapter:geoadapter:end:ts":"1492671594638","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671594645","qclass":1,"timestamp":1505363380000,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671594635","query":"va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in","rcode":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671594638","rcode_name":"NOERROR","TC":false,"RA":true,"RD":true,"ip_src_port":60078,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671594645","adapter:threatinteladapter:begin:ts":"1492671594647","guid":"777d9c8c-4c97-08bd-09ba-66e9366cccd5"} {"create": { "_id": "0e99ba49-46a8-8efe-098f-15456c107bc9"}} {"bro_timestamp":1505325731512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671594650","enrichmentsplitterbolt:splitter:begin:ts":"1492671594635","enrichmentjoinbolt:joiner:ts":"1492671594643","adapter:geoadapter:begin:ts":"1492671594638","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"CrRM6qLedsBZ3P0d8","resp_mime_types":["image/x-icon"],"trans_depth":2,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671594648","original_string":"HTTP | id.orig_p:49207 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/favicon.ico tags:[] uid:CrRM6qLedsBZ3P0d8 resp_mime_types:[\"image\\/x-icon\"] trans_depth:2 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:318 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671593.0 id.resp_h:95.163.121.204 
resp_fuids:[\"FlDlsY39iNQUeDK2Dj\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671594638","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671594638","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671594646","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FlDlsY39iNQUeDK2Dj"],"timestamp":1505325731512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671594635","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671594638","uri":"/favicon.ico","tags":[],"ip_src_port":49207,"threatintelsplitterbolt:splitter:begin:ts":"1492671594646","adapter:threatinteladapter:begin:ts":"1492671594648","status_msg":"OK","guid":"0e99ba49-46a8-8efe-098f-15456c107bc9","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":318} {"create": { "_id": "e9a942f0-9410-a2ef-79d3-297448ca7a9a"}} 
@@ -323,13 +323,13 @@ {"create": { "_id": "cadf2f10-468c-2ad9-625c-39dce0668ea0"}} {"bro_timestamp":1505325733512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671594654","enrichmentsplitterbolt:splitter:begin:ts":"1492671594639","enrichmentjoinbolt:joiner:ts":"1492671594646","adapter:geoadapter:begin:ts":"1492671594643","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"Cxo2i52HmVbQpiKMQ4","resp_mime_types":["image/png"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671594650","original_string":"HTTP | id.orig_p:49209 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/img/flags/de.png tags:[] uid:Cxo2i52HmVbQpiKMQ4 referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:1 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:534 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671593.0 id.resp_h:95.163.121.204 resp_fuids:[\"FPOfpJ1mfdIRvALw8j\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671594643","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671594643","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671594648","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 
6.0)","resp_fuids":["FPOfpJ1mfdIRvALw8j"],"timestamp":1505325733512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671594639","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671594643","uri":"/img/flags/de.png","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49209,"threatintelsplitterbolt:splitter:begin:ts":"1492671594648","adapter:threatinteladapter:begin:ts":"1492671594650","status_msg":"OK","guid":"cadf2f10-468c-2ad9-625c-39dce0668ea0","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":534} {"create": { "_id": "becc5966-68a2-e67d-3493-b7bc9514e3c9"}} -{"enrichments:geo:ip_dst_addr:locID":"2973783","bro_timestamp":1505325734512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671594654","enrichmentsplitterbolt:splitter:begin:ts":"1492671594639","enrichmentjoinbolt:joiner:ts":"1492671594646","adapter:geoadapter:begin:ts":"1492671594643","enrichments:geo:ip_dst_addr:latitude":"48.5839","uid":"CydFJ34ePzeFrkKCMc","trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671594650","original_string":"HTTP | id.orig_p:49192 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/?d71e0bd86db9587158745a986a4b3606 tags:[] uid:CydFJ34ePzeFrkKCMc trans_depth:1 host:62.75.195.236 status_msg:OK id.orig_h:192.168.138.158 response_body_len:0 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671593.0 
id.resp_h:62.75.195.236","ip_dst_addr":"62.75.195.236","adapter:hostfromjsonlistadapter:end:ts":"1492671594644","host":"62.75.195.236","adapter:geoadapter:end:ts":"1492671594643","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671594648","enrichments:geo:ip_dst_addr:longitude":"7.7455","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","timestamp":1505325734512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671594639","request_body_len":0,"enrichments:geo:ip_dst_addr:city":"Strasbourg","enrichments:geo:ip_dst_addr:postalCode":"67100","adapter:hostfromjsonlistadapter:begin:ts":"1492671594644","uri":"/?d71e0bd86db9587158745a986a4b3606","tags":[],"ip_src_port":49192,"threatintelsplitterbolt:splitter:begin:ts":"1492671594648","adapter:threatinteladapter:begin:ts":"1492671594650","status_msg":"OK","guid":"becc5966-68a2-e67d-3493-b7bc9514e3c9","enrichments:geo:ip_dst_addr:country":"FR","response_body_len":0} +{"enrichments:geo:ip_dst_addr:locID":"2973783","bro_timestamp":1505325734512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671594654","enrichmentsplitterbolt:splitter:begin:ts":"1492671594639","enrichmentjoinbolt:joiner:ts":"1492671594646","adapter:geoadapter:begin:ts":"1492671594643","enrichments:geo:ip_dst_addr:latitude":"48.5839","uid":"CydFJ34ePzeFrkKCMc","trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671594650","original_string":"HTTP | id.orig_p:49192 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/?d71e0bd86db9587158745a986a4b3606 tags:[] uid:CydFJ34ePzeFrkKCMc trans_depth:1 host:62.75.195.236 status_msg:OK id.orig_h:192.168.138.158 response_body_len:0 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; 
SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671593.0 id.resp_h:62.75.195.236","ip_dst_addr":"62.75.195.236","adapter:hostfromjsonlistadapter:end:ts":"1492671594644","host":"62.75.195.236","adapter:geoadapter:end:ts":"1492671594643","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671594648","enrichments:geo:ip_dst_addr:longitude":"7.7455","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","timestamp":1505363380000,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671594639","request_body_len":0,"enrichments:geo:ip_dst_addr:city":"Strasbourg","enrichments:geo:ip_dst_addr:postalCode":"67100","adapter:hostfromjsonlistadapter:begin:ts":"1492671594644","uri":"/?d71e0bd86db9587158745a986a4b3606","tags":[],"ip_src_port":49192,"threatintelsplitterbolt:splitter:begin:ts":"1492671594648","adapter:threatinteladapter:begin:ts":"1492671594650","status_msg":"OK","guid":"becc5966-68a2-e67d-3493-b7bc9514e3c9","enrichments:geo:ip_dst_addr:country":"FR","response_body_len":0} {"create": { "_id": "4d864bb0-0cb1-4005-f707-c62f7b0e7264"}} -{"TTLs":[29],"qclass_name":"C_INTERNET","bro_timestamp":1505325735512,"qtype_name":"A","ip_dst_port":53,"threatinteljoinbolt:joiner:ts":"1492671594671","qtype":1,"rejected":false,"answers":["62.75.195.236"],"enrichmentsplitterbolt:splitter:begin:ts":"1492671594655","enrichmentjoinbolt:joiner:ts":"1492671594661","trans_id":27248,"adapter:geoadapter:begin:ts":"1492671594657","uid":"CgJVs33o5YodJJYQyk","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671594667","original_string":"DNS | AA:false TTLs:[29.0] qclass_name:C_INTERNET id.orig_p:65315 qtype_name:A qtype:1 rejected:false id.resp_p:53 query:ubb67.3c147o.u806a4.w07d919.o5f.f1.b80w.r0faf9.e8mfzdgrf7g0.groupprograms.in answers:[\"62.75.195.236\"] 
trans_id:27248 rcode:0 rcode_name:NOERROR TC:false RA:true uid:CgJVs33o5YodJJYQyk RD:true proto:udp id.orig_h:192.168.138.158 Z:0 qclass:1 ts:1492671593.0 id.resp_h:192.168.138.2","ip_dst_addr":"192.168.138.2","adapter:hostfromjsonlistadapter:end:ts":"1492671594657","Z":0,"adapter:geoadapter:end:ts":"1492671594657","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671594664","qclass":1,"timestamp":1505325735512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671594655","query":"ubb67.3c147o.u806a4.w07d919.o5f.f1.b80w.r0faf9.e8mfzdgrf7g0.groupprograms.in","rcode":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671594657","rcode_name":"NOERROR","TC":false,"RA":true,"RD":true,"ip_src_port":65315,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671594664","adapter:threatinteladapter:begin:ts":"1492671594667","guid":"4d864bb0-0cb1-4005-f707-c62f7b0e7264"} +{"TTLs":[29],"qclass_name":"C_INTERNET","bro_timestamp":1505325735512,"qtype_name":"A","ip_dst_port":53,"threatinteljoinbolt:joiner:ts":"1492671594671","qtype":1,"rejected":false,"answers":["62.75.195.236"],"enrichmentsplitterbolt:splitter:begin:ts":"1492671594655","enrichmentjoinbolt:joiner:ts":"1492671594661","trans_id":27248,"adapter:geoadapter:begin:ts":"1492671594657","uid":"CgJVs33o5YodJJYQyk","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671594667","original_string":"DNS | AA:false TTLs:[29.0] qclass_name:C_INTERNET id.orig_p:65315 qtype_name:A qtype:1 rejected:false id.resp_p:53 query:ubb67.3c147o.u806a4.w07d919.o5f.f1.b80w.r0faf9.e8mfzdgrf7g0.groupprograms.in answers:[\"62.75.195.236\"] trans_id:27248 rcode:0 rcode_name:NOERROR TC:false RA:true uid:CgJVs33o5YodJJYQyk RD:true proto:udp id.orig_h:192.168.138.158 Z:0 qclass:1 ts:1492671593.0 
id.resp_h:192.168.138.2","ip_dst_addr":"192.168.138.2","adapter:hostfromjsonlistadapter:end:ts":"1492671594657","Z":0,"adapter:geoadapter:end:ts":"1492671594657","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671594664","qclass":1,"timestamp":1505363380000,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671594655","query":"ubb67.3c147o.u806a4.w07d919.o5f.f1.b80w.r0faf9.e8mfzdgrf7g0.groupprograms.in","rcode":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671594657","rcode_name":"NOERROR","TC":false,"RA":true,"RD":true,"ip_src_port":65315,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671594664","adapter:threatinteladapter:begin:ts":"1492671594667","guid":"4d864bb0-0cb1-4005-f707-c62f7b0e7264"} {"create": { "_id": "4c732cb0-05cc-bdb4-9898-886a93129aba"}} {"enrichments:geo:ip_dst_addr:locID":"5368361","bro_timestamp":1505325736512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"34.0494,-118.2641","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671598104","enrichments:geo:ip_dst_addr:dmaCode":"803","enrichmentsplitterbolt:splitter:begin:ts":"1492671598090","enrichmentjoinbolt:joiner:ts":"1492671598095","adapter:geoadapter:begin:ts":"1492671598093","enrichments:geo:ip_dst_addr:latitude":"34.0494","uid":"CvI6xrY2n5mRaFjFa","resp_mime_types":["text/plain"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671598101","original_string":"HTTP | id.orig_p:49200 status_code:200 method:POST request_body_len:96 id.resp_p:80 orig_mime_types:[\"text\\/plain\"] uri:/wp-content/themes/grizzly/img5.php?t=8r1gf1b2t1kuq42 tags:[] uid:CvI6xrY2n5mRaFjFa resp_mime_types:[\"text\\/plain\"] trans_depth:1 orig_fuids:[\"FE73U6RnooUIz1k3l\"] host:comarksecurity.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:996 user_agent:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET 
CLR 3.0.30729; Media Center PC 6.0) ts:1492671596.0 id.resp_h:72.34.49.86 resp_fuids:[\"FbCMi2mD3uLfGjK7j\"]","ip_dst_addr":"72.34.49.86","adapter:hostfromjsonlistadapter:end:ts":"1492671598093","host":"comarksecurity.com","adapter:geoadapter:end:ts":"1492671598093","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671598098","enrichments:geo:ip_dst_addr:longitude":"-118.2641","user_agent":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FbCMi2mD3uLfGjK7j"],"timestamp":1505325736512,"method":"POST","enrichmentsplitterbolt:splitter:end:ts":"1492671598090","request_body_len":96,"enrichments:geo:ip_dst_addr:city":"Los Angeles","enrichments:geo:ip_dst_addr:postalCode":"90014","adapter:hostfromjsonlistadapter:begin:ts":"1492671598092","orig_mime_types":["text/plain"],"uri":"/wp-content/themes/grizzly/img5.php?t=8r1gf1b2t1kuq42","tags":[],"orig_fuids":["FE73U6RnooUIz1k3l"],"ip_src_port":49200,"threatintelsplitterbolt:splitter:begin:ts":"1492671598098","adapter:threatinteladapter:begin:ts":"1492671598101","status_msg":"OK","guid":"4c732cb0-05cc-bdb4-9898-886a93129aba","enrichments:geo:ip_dst_addr:country":"US","response_body_len":996} {"create": { "_id": "cb6a4983-48ac-4c00-2f44-9d1bd9b50575"}} -{"bro_timestamp":1505325737512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671598104","enrichmentsplitterbolt:splitter:begin:ts":"1492671598090","enrichmentjoinbolt:joiner:ts":"1492671598095","adapter:geoadapter:begin:ts":"1492671598093","uid":"CUrRne3iLIxXavQtci","trans_depth":118,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671598101","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster?fields=Clusters/health_report,Clusters/total_hosts,alerts_summary_hosts&minimal_response=true&_=1484168774631 tags:[] 
uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:118 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671596.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671598093","host":"node1","adapter:geoadapter:end:ts":"1492671598093","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671598098","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36","timestamp":1505325737512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671598090","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671598093","uri":"/api/v1/clusters/metron_cluster?fields=Clusters/health_report,Clusters/total_hosts,alerts_summary_hosts&minimal_response=true&_=1484168774631","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671598098","adapter:threatinteladapter:begin:ts":"1492671598101","guid":"cb6a4983-48ac-4c00-2f44-9d1bd9b50575","response_body_len":0} +{"bro_timestamp":1505325737512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671598104","enrichmentsplitterbolt:splitter:begin:ts":"1492671598090","enrichmentjoinbolt:joiner:ts":"1492671598095","adapter:geoadapter:begin:ts":"1492671598093","uid":"CUrRne3iLIxXavQtci","trans_depth":118,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671598101","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster?fields=Clusters/health_report,Clusters/total_hosts,alerts_summary_hosts&minimal_response=true&_=1484168774631 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:118 host:node1 id.orig_h:192.168.66.1 response_body_len:0 
user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671596.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671598093","host":"node1","adapter:geoadapter:end:ts":"1492671598093","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671598098","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36","timestamp":1505363380000,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671598090","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671598093","uri":"/api/v1/clusters/metron_cluster?fields=Clusters/health_report,Clusters/total_hosts,alerts_summary_hosts&minimal_response=true&_=1484168774631","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671598098","adapter:threatinteladapter:begin:ts":"1492671598101","guid":"cb6a4983-48ac-4c00-2f44-9d1bd9b50575","response_body_len":0} {"create": { "_id": "a5e95569-a9ee-c024-ace7-7d0e2613b29a"}} {"qclass_name":"C_INTERNET","bro_timestamp":1505325738512,"qtype_name":"PTR","ip_dst_port":5353,"threatinteljoinbolt:joiner:ts":"1492671598104","qtype":12,"rejected":false,"enrichmentsplitterbolt:splitter:begin:ts":"1492671598090","enrichmentjoinbolt:joiner:ts":"1492671598095","trans_id":0,"adapter:geoadapter:begin:ts":"1492671598093","uid":"Cx7bil4EcuyIC1pVvb","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671598101","original_string":"DNS | AA:false qclass_name:C_INTERNET id.orig_p:5353 qtype_name:PTR qtype:12 rejected:false id.resp_p:5353 query:_googlecast._tcp.local trans_id:0 TC:false RA:false uid:Cx7bil4EcuyIC1pVvb RD:false proto:udp id.orig_h:192.168.66.1 Z:0 qclass:1 ts:1492671596.0 
id.resp_h:224.0.0.251","ip_dst_addr":"224.0.0.251","adapter:hostfromjsonlistadapter:end:ts":"1492671598093","Z":0,"adapter:geoadapter:end:ts":"1492671598093","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671598098","qclass":1,"timestamp":1505325738512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671598090","query":"_googlecast._tcp.local","adapter:hostfromjsonlistadapter:begin:ts":"1492671598093","TC":false,"RA":false,"RD":false,"ip_src_port":5353,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671598098","adapter:threatinteladapter:begin:ts":"1492671598101","guid":"a5e95569-a9ee-c024-ace7-7d0e2613b29a"} {"create": { "_id": "fa91598f-51b2-2b60-11f2-6fbabc162b7e"}} diff --git a/metron-interface/metron-alerts/package.json b/metron-interface/metron-alerts/package.json index bc2c726658..1be70f35d4 100644 --- a/metron-interface/metron-alerts/package.json +++ b/metron-interface/metron-alerts/package.json @@ -21,12 +21,14 @@ "@angular/platform-browser": "^4.0.0", "@angular/platform-browser-dynamic": "^4.0.0", "@angular/router": "^4.0.0", + "@types/moment": "^2.13.0", "ace-builds": "^1.2.6", "bootstrap": "4.0.0-alpha.6", "core-js": "^2.4.1", "font-awesome": "^4.7.0", - "ng2-dragula": "^1.5.0", "moment": "^2.18.1", + "pikaday-time": "^1.6.1", + "ng2-dragula": "^1.5.0", "rxjs": "^5.1.0", "web-animations-js": "^2.2.2", "zone.js": "^0.8.4" @@ -38,6 +40,7 @@ "@types/jasmine": "2.5.38", "@types/moment": "^2.13.0", "@types/node": "~6.0.60", + "@types/pikaday-time": "^1.4.2", "codelyzer": "~2.0.0", "compression": "1.6.2", "elementor": "^2.1.0", diff --git a/metron-interface/metron-alerts/src/_variables.scss b/metron-interface/metron-alerts/src/_variables.scss index 44ed9f6391..21cdfdf6cf 100644 --- a/metron-interface/metron-alerts/src/_variables.scss +++ b/metron-interface/metron-alerts/src/_variables.scss 
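Review bot: The rewritten fixture records carry absolute epoch-millisecond `timestamp` values (the new side uses `1505363380000` throughout), so any end-to-end expectation that counts these records inside a relative window will stop matching once the wall clock moves past that date. If the tests depend on how many records fall into a "last N days"-style range, consider rewriting the fixture timestamps relative to the seeding time or pinning the browser clock in the test harness. A one-line comment at the top of the fixture stating which records are meant to land in which window would also make the intent of the bumped timestamps visible.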
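Review bot: `"@types/moment": "^2.13.0"` is added under `dependencies` while the second hunk of this file shows the same entry already present under `devDependencies`, so the package is now declared twice with the same range. Type-stub packages are build-time only; drop the new `dependencies` entry and keep the `devDependencies` one next to the new `@types/pikaday-time`. The `ng2-dragula` lines are a pure reorder.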
@@ -49,6 +49,7 @@ $mine-shaft-7: #2C2C2C; $mine-shaft-8: #353535; $mine-shaft-9: #2B2B2B; $mine-shaft-10: #303030; +$mine-shaft-11: #3A3A3A; $dove-grey: #737373; $tundora: #4D4D4D; $tundora-1: #404040; @@ -86,6 +87,7 @@ $eastern-blue: #1F91BE; $mantis: #80BF4D; $sky-blue: #75D2ED; $outer-space: #2E3A3F; +$abbey: #58595B; $white: #FFFFFF; $iron: #D1D3D4; $rolling-stone: #808285; @@ -110,6 +112,27 @@ $nav-content-nav-width: 200px; $login-label: #606060; $black: #000000; + +//Pikaday +$pd-text-color: #999999; +$pd-title-color: #999999; +$pd-title-bg: #3D3D3D; +$pd-picker-bg: #3D3D3D; +$pd-picker-border: #4D4D4D; +$pd-picker-border-bottom: #353535; +$pd-picker-shadow: rgba(0,0,0,.5); +$pd-th-color: #999; +$pd-day-color: #999999; +$pd-day-bg: #2D2D2D; +$pd-day-hover-color: #FDFEFE; +$pd-day-hover-bg: #1F91BE; +$pd-day-today-color: #FFFFFF; +$pd-day-selected-color: #1E87AF; +$pd-day-selected-bg: tranparent; +$pd-day-selected-shadow: tranparent; +$pd-day-disabled-color: #999; +$pd-week-color: #999; + @mixin place-holder-text { font-family: Roboto; diff --git a/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.html b/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.html index bcecef37ef..63b4e418e2 100644 --- a/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.html +++ b/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.html @@ -23,6 +23,9 @@ + + + diff --git a/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.scss b/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.scss index a803df0300..01b8f9ad94 100644 --- a/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.scss +++ b/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.scss 
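Review bot: `$pd-day-selected-bg: tranparent;` and `$pd-day-selected-shadow: tranparent;` misspell the CSS keyword, so every declaration that interpolates these variables is invalid and will be discarded by the browser instead of rendering a transparent background or shadow. Change both values to `transparent`. The same `$pd-*` block also mixes `#999` and `#999999` for what looks like the same colour; using one form would make the palette easier to scan.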
@@ -66,7 +66,7 @@ $searchbox-height: 42px;
.btn-saved-searches {
font-size: 15px;
-
+ font-family: Roboto;
background: $mine-shaft-5;
border: 1px solid $tundora;
color: $silver-chalice;
@@ -86,7 +86,7 @@ $searchbox-height: 42px;
.btn-search-clear {
border-top: 1px solid $tundora;
border-bottom: 1px solid $tundora;
- border-right: 1px solid $blue-chill;
+ border-right: 1px solid $tundora;
background: $mine-shaft-1;
border-left: none;
padding: 0px 5px 0px 0px;
diff --git a/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.ts b/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.ts
index 06d3fb2608..228c4f75ce 100644
--- a/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.ts
+++ b/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.ts
@@ -35,8 +35,9 @@ import {MetronDialogBox, DialogType} from '../../shared/metron-dialog-box';
import {AlertSearchDirective} from '../../shared/directives/alert-search.directive';
import {SearchResponse} from '../../model/search-response';
import {ElasticsearchUtils} from '../../utils/elasticsearch-utils';
-import {TableViewComponent} from './table-view/table-view.component';
import {Filter} from '../../model/filter';
+import {THREAT_SCORE_FIELD_NAME, TIMESTAMP_FIELD_NAME, ALL_TIME} from '../../utils/constants';
+import {TableViewComponent} from './table-view/table-view.component';
import {Pagination} from '../../model/pagination';
import {PatchRequest} from '../../model/patch-request';
@@ -58,7 +59,9 @@ export class AlertsListComponent implements OnInit, OnDestroy {
refreshTimer: Subscription;
pauseRefresh = false;
lastPauseRefreshValue = false;
- threatScoreFieldName = 'threat:triage:score';
+ timeStampfilterPresent = false;
+ selectedTimeRange = new Filter(TIMESTAMP_FIELD_NAME, ALL_TIME, false);
+ threatScoreFieldName = THREAT_SCORE_FIELD_NAME;
@ViewChild('table') table: ElementRef;
@ViewChild('dataViewComponent') dataViewComponent: TableViewComponent;
@@ -104,12 +107,23 @@ export class AlertsListComponent implements OnInit, OnDestroy {
let queryBuilder = new QueryBuilder();
queryBuilder.setGroupby(this.queryBuilder.groupRequest.groups.map(group => group.field));
queryBuilder.searchRequest = savedSearch.searchRequest;
+ queryBuilder.filters = savedSearch.filters;
this.queryBuilder = queryBuilder;
+ this.setSelectedTimeRange(savedSearch.filters);
this.prepareColumnData(savedSearch.tableColumns, []);
+ this.timeStampfilterPresent = this.queryBuilder.isTimeStampFieldPresent();
this.search(true, savedSearch);
});
}
+ setSelectedTimeRange(filters: Filter[]) {
+ filters.forEach(filter => {
+ if (filter.field === TIMESTAMP_FIELD_NAME && filter.dateFilterValue) {
+ this.selectedTimeRange = JSON.parse(JSON.stringify(filter));
+ }
+ });
+ }
+
calcColumnsToDisplay() {
let availableWidth = document.documentElement.clientWidth - (200 + (15 * 4)); /* screenwidth - (navPaneWidth + (paddings))*/
availableWidth = availableWidth - (55 + 25 + 25); /* availableWidth - (score + colunSelectIcon +selectCheckbox )*/
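Review bot: `timeStampfilterPresent` breaks the camel-casing used by the neighbouring fields (`lastPauseRefreshValue`, `threatScoreFieldName`); `timeStampFilterPresent` would match, and since the later hunks in this file repeat the name several times it is cheapest to fix before it spreads. A short comment on what the flag gates would also help, for example `// true while a filter on TIMESTAMP_FIELD_NAME is active in the query builder` if that is its meaning.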
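Review bot: `JSON.parse(JSON.stringify(filter))` in `setSelectedTimeRange` produces a plain object, so `selectedTimeRange` stops being a `Filter` instance even though the field is initialised with `new Filter(...)`; anything that relies on `Filter` prototype methods or `instanceof` on it will misbehave. If the copy exists to decouple the selection from the query builder's own filter object, clone onto a fresh instance instead, e.g. `this.selectedTimeRange = Object.assign(new Filter(filter.field, filter.value, false), filter);` (assuming the third constructor argument is the same flag passed at the field initialiser). The `forEach` also keeps overwriting on every matching filter; a `find` would state that a single filter is wanted.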
@@ -157,14 +171,16 @@ export class AlertsListComponent implements OnInit, OnDestroy {
}
onClear() {
- this.queryBuilder.displayQuery = '';
+ this.timeStampfilterPresent = false;
+ this.queryBuilder.clearSearch();
+ this.selectedTimeRange = new Filter(TIMESTAMP_FIELD_NAME, ALL_TIME, false);
this.search();
}
onSearch($event) {
- this.queryBuilder.displayQuery = $event;
+ this.queryBuilder.setSearch($event);
+ this.timeStampfilterPresent = this.queryBuilder.isTimeStampFieldPresent();
this.search();
- return false;
}
@@ -186,6 +202,7 @@ export class AlertsListComponent implements OnInit, OnDestroy {
}
onAddFilter(filter: Filter) {
+ this.timeStampfilterPresent = (filter.field === TIMESTAMP_FIELD_NAME);
this.queryBuilder.addOrUpdateFilter(filter);
this.search();
}
@@ -214,6 +231,16 @@ export class AlertsListComponent implements OnInit, OnDestroy {
this.colNumberTimerId = setTimeout(() => { this.calcColumnsToDisplay(); }, 500);
}
+ onTimeRangeChange(filter: Filter) {
+ if (filter.value === ALL_TIME) {
+ this.queryBuilder.removeFilter(filter.field);
+ } else {
+ this.queryBuilder.addOrUpdateFilter(filter);
+ }
+
+ this.search();
+ }
+
prepareColumnData(configuredColumns: ColumnMetadata[], defaultColumns: ColumnMetadata[]) {
this.alertsColumns = (configuredColumns && configuredColumns.length > 0) ? configuredColumns : defaultColumns;
this.queryBuilder.setFields(this.getColumnNamesForQuery());
@@ -255,6 +282,7 @@ export class AlertsListComponent implements OnInit, OnDestroy {
}
removeFilter(field: string) {
+ this.timeStampfilterPresent = (field === TIMESTAMP_FIELD_NAME) ? false : this.timeStampfilterPresent;
this.queryBuilder.removeFilter(field);
this.search();
}
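Review bot: `onSearch` no longer ends with `return false;`. In an Angular template a handler that returns `false` is what suppresses the event's default action, so if this method is bound to a `(submit)` or `(keydown.enter)` event the removal lets a native form post or reload through; if the binding is a plain component output, or the default is now prevented elsewhere, a one-line comment saying so would save the next reader the check. The `onClear` changes read fine.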
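Review bot: `this.timeStampfilterPresent = (filter.field === TIMESTAMP_FIELD_NAME);` in `onAddFilter` sets the flag to false whenever a filter on any other field is added, even while a timestamp filter is still held by the query builder. The same flag is maintained by hand with a ternary in `removeFilter` (hunk @@ -255) and not touched at all by the new `onTimeRangeChange` (hunk @@ -214), which adds or removes the timestamp filter through the same builder. Deriving it after each mutation with `this.timeStampfilterPresent = this.queryBuilder.isTimeStampFieldPresent();`, as `onSearch` already does, removes all three inconsistencies; if the flag is meant to track only filters typed into the search box rather than the picker, a comment on the field saying so would explain why `onTimeRangeChange` leaves it alone.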
@@ -301,7 +329,9 @@ export class AlertsListComponent implements OnInit, OnDestroy {
savedSearch = new SaveSearch();
savedSearch.searchRequest = this.queryBuilder.searchRequest;
savedSearch.tableColumns = this.alertsColumns;
- savedSearch.name = savedSearch.getDisplayString();
+ savedSearch.filters = this.queryBuilder.filters;
+ savedSearch.searchRequest.query = '';
+ savedSearch.name = this.queryBuilder.generateNameForSearchRequest();
}
this.saveSearchService.saveAsRecentSearches(savedSearch).subscribe(() => {
@@ -314,6 +344,7 @@ export class AlertsListComponent implements OnInit, OnDestroy {
this.searchResponse = results;
this.pagination.total = results.total;
this.alerts = results.results ? results.results : [];
+ this.setSelectedTimeRange(this.queryBuilder.filters);
}
showConfigureTable() {
@@ -358,7 +389,7 @@ export class AlertsListComponent implements OnInit, OnDestroy {
tryStartPolling() {
if (!this.pauseRefresh) {
this.tryStopPolling();
- this.refreshTimer = this.searchService.pollSearch(this.queryBuilder.searchRequest).subscribe(results => {
+ this.refreshTimer = this.searchService.pollSearch(this.queryBuilder).subscribe(results => {
this.setData(results);
});
}
diff --git a/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.module.ts b/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.module.ts
index 27b7e2ed3b..6e0dd2a362 100644
--- a/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.module.ts
+++ b/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.module.ts
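Review bot: `savedSearch.searchRequest.query = '';` writes through the reference taken two lines earlier from `this.queryBuilder.searchRequest`, so if that getter returns the builder's own `SearchRequest` object the live query is blanked as a side effect of recording a recent search. Copy before clearing, for example `savedSearch.searchRequest = Object.assign({}, this.queryBuilder.searchRequest, {query: ''});` or a `new SearchRequest()`-based clone if that class is in scope here, and drop the separate assignment. The method this hunk belongs to begins before the hunk.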
@@ -27,6 +27,7 @@ import {ListGroupModule} from '../../shared/list-group/list-grup.module'; import {CollapseModule} from '../../shared/collapse/collapse.module'; import {MetronTablePaginationModule} from '../../shared/metron-table/metron-table-pagination/metron-table-pagination.module'; import {ConfigureRowsModule} from '../configure-rows/configure-rows.module'; +import {TimeRangeModule} from '../../shared/time-range/time-range.module'; import {GroupByModule} from '../../shared/group-by/group-by.module'; import {AlertFiltersComponent} from './alert-filters/alert-filters.component'; import {TableViewComponent} from './table-view/table-view.component'; @@ -34,7 +35,7 @@ import {TreeViewComponent} from './tree-view/tree-view.component'; @NgModule({ imports: [routing, SharedModule, ConfigureRowsModule, MetronSorterModule, MetronTablePaginationModule, - ListGroupModule, CollapseModule, GroupByModule], + ListGroupModule, CollapseModule, GroupByModule, TimeRangeModule], exports: [AlertsListComponent], declarations: [AlertsListComponent, TableViewComponent, TreeViewComponent, AlertFiltersComponent], providers: [DecimalPipe, SearchService] diff --git a/metron-interface/metron-alerts/src/app/alerts/alerts-list/query-builder.ts b/metron-interface/metron-alerts/src/app/alerts/alerts-list/query-builder.ts index 863e127c49..e9f96eb7c1 100644 --- a/metron-interface/metron-alerts/src/app/alerts/alerts-list/query-builder.ts +++ b/metron-interface/metron-alerts/src/app/alerts/alerts-list/query-builder.ts @@ -19,6 +19,7 @@ import {Filter} from '../../model/filter'; import {ColumnNamesService} from '../../service/column-names.service'; import {SearchRequest} from '../../model/search-request'; import {SortField} from '../../model/sort-field'; +import {TIMESTAMP_FIELD_NAME} from '../../utils/constants'; import {GroupRequest} from '../../model/group-request'; import {Group} from '../../model/group'; 
@@ -29,27 +30,20 @@ export class QueryBuilder { private _displayQuery = this._query; private _filters: Filter[] = []; - set query(value: string) { - value = value.replace(/\\:/g, ':'); - this._query = value; - this.updateFilters(this._query, false); - this.onSearchChange(); - } - get query(): string { return this._query; } - set displayQuery(value: string) { - this._displayQuery = value; - this.updateFilters(this._displayQuery, true); - this.onSearchChange(); - } - get displayQuery(): string { return this._displayQuery; } + set filters(filters: Filter[]) { + filters.forEach(filter => { + this.addOrUpdateFilter(filter) + }); + } + get filters(): Filter[] { return this._filters; } @@ -62,7 +56,7 @@ export class QueryBuilder { set searchRequest(value: SearchRequest) { this._searchRequest = value; - this.query = this._searchRequest.query; + this.setSearch(this._searchRequest.query); } get groupRequest(): GroupRequest { @@ -70,10 +64,28 @@ export class QueryBuilder { return this._groupRequest; } + setSearch(query: string) { + this.updateFilters(query, true); + this.onSearchChange(); + } + + clearSearch() { + this._filters = []; + this.onSearchChange(); + } + addOrUpdateFilter(filter: Filter) { - let existingFilter = this._filters.find(tFilter => tFilter.field === filter.field); + let existingFilterIndex = -1; + let existingFilter = this._filters.find((tFilter, index) => { + if (tFilter.field === filter.field) { + existingFilterIndex = index; + return true; + } + return false; + }); + if (existingFilter) { - existingFilter.value = filter.value; + this._filters.splice(existingFilterIndex, 1, filter); } else { this._filters.push(filter); } 
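Review bot: `setSearch` drops the `value.replace(/\\:/g, ':')` normalisation that the removed `query` setter performed, yet `set searchRequest` still routes a stored request's `query` through it, so a saved search persisted by the previous version (no `filters`, `query` in escaped form) is now re-parsed with escaped field names intact — whether `updateFilters` copes with that is not visible here. If old saved searches are meant to keep working, restore the normalisation in one place: `setSearch(query: string) { this.updateFilters(query.replace(/\\:/g, ':'), true); this.onSearchChange(); }`. Separately, `addOrUpdateFilter` reads more simply with `findIndex` than with a `find` callback that mutates a captured index: `let i = this._filters.findIndex(f => f.field === filter.field);` then `i >= 0 ? this._filters.splice(i, 1, filter) : this._filters.push(filter);`. The `set filters` accessor merges into the existing list rather than replacing it, which a setter name does not suggest; a one-line comment would save a caller from assuming replacement. The `QueryBuilder` class continues outside this hunk.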
@@ -82,22 +94,33 @@ export class QueryBuilder { } generateSelect() { - let select = this._filters.map(filter => { - return filter.field.replace(/:/g, '\\:') + - ':' + - String(filter.value) - .replace(/[\*\+\-=~><\"\?^\${}\(\)\:\!\/[\]\\\s]/g, '\\$&') // replace single special characters - .replace(/\|\|/g, '\\||') // replace || - .replace(/\&\&/g, '\\&&'); // replace && - }).join(' AND '); + let select = this._filters.map(filter => filter.getQueryString()).join(' AND '); return (select.length === 0) ? '*' : select; } - generateSelectForDisplay() { + generateNameForSearchRequest() { let select = this._filters.map(filter => ColumnNamesService.getColumnDisplayValue(filter.field) + ':' + filter.value).join(' AND '); return (select.length === 0) ? '*' : select; } + generateSelectForDisplay() { + let appliedFilters = []; + this._filters.reduce((appliedFilters, filter) => { + if (filter.display) { + appliedFilters.push(ColumnNamesService.getColumnDisplayValue(filter.field) + ':' + filter.value); + } + + return appliedFilters; + }, appliedFilters); + + let select = appliedFilters.join(' AND '); + return (select.length === 0) ? '*' : select; + } + + isTimeStampFieldPresent(): boolean { + return this._filters.some(filter => (filter.field === TIMESTAMP_FIELD_NAME && !isNaN(Number(filter.value)))); + } + onSearchChange() { this._query = this.generateSelect(); this._displayQuery = this.generateSelectForDisplay(); @@ -133,7 +156,7 @@ export class QueryBuilder { private updateFilters(tQuery: string, updateNameTransform = false) { let query = tQuery; - this._filters = []; + this.removeDisplayedFilters(); if (query && query !== '' && query !== '*') { let terms = query.split(' AND '); @@ -146,4 +169,12 @@ export class QueryBuilder { } } } + + private removeDisplayedFilters() { + for (let i = this._filters.length-1; i >= 0; i--) { + if (this._filters[i].display) { + this._filters.splice(i, 1); + } + } + } } 
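Review bot: `generateSelectForDisplay` runs a `reduce` purely for its side effect on the seed array and discards the return value, and `removeDisplayedFilters` hand-rolls a reverse splice loop; both read more simply as filter/map. `let select = this._filters.filter(f => f.display).map(f => ColumnNamesService.getColumnDisplayValue(f.field) + ':' + f.value).join(' AND ');` and `this._filters = this._filters.filter(f => !f.display);` give the same result, the reassignment appearing safe since `clearSearch` already replaces the array. A short comment on `updateFilters` noting that only `display` filters are rebuilt from the text query while time-range filters survive would help, because the previous version reset `_filters` entirely. The `QueryBuilder` class begins outside this hunk.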
diff --git a/metron-interface/metron-alerts/src/app/alerts/save-search/save-search.component.ts b/metron-interface/metron-alerts/src/app/alerts/save-search/save-search.component.ts index d3bd9da69e..b27da3ab5e 100644 --- a/metron-interface/metron-alerts/src/app/alerts/save-search/save-search.component.ts +++ b/metron-interface/metron-alerts/src/app/alerts/save-search/save-search.component.ts @@ -47,7 +47,9 @@ export class SaveSearchComponent implements OnInit { save() { this.saveSearch.searchRequest = this.saveSearchService.queryBuilder.searchRequest; this.saveSearch.tableColumns = this.saveSearchService.tableColumns; - + this.saveSearch.filters = this.saveSearchService.queryBuilder.filters; + this.saveSearch.searchRequest.query = ''; + this.saveSearchService.saveSearch(this.saveSearch).subscribe(() => { this.goBack(); }, error => { diff --git a/metron-interface/metron-alerts/src/app/model/date-filter-value.ts b/metron-interface/metron-alerts/src/app/model/date-filter-value.ts new file mode 100644 index 0000000000..1318ce2004 --- /dev/null +++ b/metron-interface/metron-alerts/src/app/model/date-filter-value.ts 
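Review bot: `this.saveSearch.filters = this.saveSearchService.queryBuilder.filters` keeps a reference to the builder's live filter array and `this.saveSearch.searchRequest.query = ''` mutates the request object the builder handed out, so the object being saved tracks later edits to the builder and, if `searchRequest` is the builder's own instance, the active query is blanked until the next `onSearchChange`. Copy before persisting: `this.saveSearch.filters = this.saveSearchService.queryBuilder.filters.slice();` and `this.saveSearch.searchRequest = Object.assign({}, this.saveSearchService.queryBuilder.searchRequest, {query: ''});`. Whether the getter returns a fresh object is not visible in this hunk, so confirm against `QueryBuilder`. The `SaveSearchComponent` class extends beyond this hunk.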
@@ -0,0 +1,28 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +export class DateFilterValue { + fromDate: number; + toDate: number; + + + constructor(fromDate = 0, toDate = 0) { + this.fromDate = fromDate; + this.toDate = toDate; + } +} \ No newline at end of file diff --git a/metron-interface/metron-alerts/src/app/model/filter.ts b/metron-interface/metron-alerts/src/app/model/filter.ts index 24c54d878a..441add4bd9 100644 --- a/metron-interface/metron-alerts/src/app/model/filter.ts +++ b/metron-interface/metron-alerts/src/app/model/filter.ts 
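Review bot: `toDate` is declared `number`, but this commit stores `null` in it for open-ended ranges (`applyCustomDate` in the time-range component and `Utils.parseTimeRange` both produce `toDate: null`) and `Filter.getQueryString` branches on `toDate !== null`. Declare the field as `toDate: number | null;` with a comment such as `// null means an open-ended range (no upper bound)` so the contract is visible to readers and enforceable once strict null checks are on. The constructor default of `0` is misleading for that case; consider defaulting `toDate` to `null` if no caller relies on `0`.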
@@ -15,12 +15,44 @@ * See the License for the specific language governing permissions and * limitations under the License. */ +import {ElasticsearchUtils} from '../utils/elasticsearch-utils'; +import {TIMESTAMP_FIELD_NAME} from '../utils/constants'; +import {Utils} from '../utils/utils'; +import {DateFilterValue} from './date-filter-value'; + export class Filter { field: string; value: string; + display: boolean; + dateFilterValue: DateFilterValue; + + static fromJSON(objs: Filter[]): Filter[] { + let filters = []; + if (objs) { + for (let obj of objs) { + filters.push(new Filter(obj.field, obj.value, obj.display)); + } + } + return filters; + } - constructor(field: string, value: string) { + constructor(field: string, value: string, display = true) { this.field = field; this.value = value; + this.display = display; + } + + getQueryString(): string { + if (this.field === TIMESTAMP_FIELD_NAME && !this.display) { + this.dateFilterValue = Utils.timeRangeToDateObj(this.value); + if (this.dateFilterValue !== null && this.dateFilterValue.toDate !== null) { + return ElasticsearchUtils.escapeESField(this.field) + ':' + + '(>=' + this.dateFilterValue.fromDate + ' AND ' + ' <=' + this.dateFilterValue.toDate + ')'; + } else { + return ElasticsearchUtils.escapeESField(this.field) + ':' + this.value; + } + } + + return ElasticsearchUtils.escapeESField(this.field) + ':' + ElasticsearchUtils.escapeESValue(this.value); } } diff --git a/metron-interface/metron-alerts/src/app/model/save-search.ts b/metron-interface/metron-alerts/src/app/model/save-search.ts index b2ee765670..173f60e1ff 100644 --- a/metron-interface/metron-alerts/src/app/model/save-search.ts +++ b/metron-interface/metron-alerts/src/app/model/save-search.ts 
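Review bot: In the timestamp branch of `getQueryString` the `else` path appends `this.value` to the query with no escaping, whereas every other field goes through `ElasticsearchUtils.escapeESValue`. The values this code expects are the fixed quick-range tokens or the `(>=N AND <=M)` string built by `applyCustomDate`, but a `Filter` restored via `Filter.fromJSON` from a stored search carries whatever was persisted, so anything that is not a recognised range is spliced into the Lucene query verbatim. Accept only the shape you generate and escape everything else: `const isRange = /^\(>=\d+( AND\s+<=\d+)?\)$/.test(this.value);` then `return ElasticsearchUtils.escapeESField(this.field) + ':' + (isRange ? this.value : ElasticsearchUtils.escapeESValue(this.value));`. `getQueryString` also assigns `this.dateFilterValue` as a side effect of what reads like a pure formatter; a comment stating that callers rely on it being populated here would help.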
@@ -19,18 +19,21 @@ import {QueryBuilder} from '../alerts/alerts-list/query-builder'; import {ColumnMetadata} from './column-metadata'; import {SearchRequest} from './search-request'; +import {Filter} from './filter'; export class SaveSearch { name = ''; lastAccessed = 0; searchRequest: SearchRequest; tableColumns: ColumnMetadata[]; + filters: Filter[]; public static fromJSON(obj: SaveSearch): SaveSearch { let saveSearch = new SaveSearch(); saveSearch.name = obj.name; saveSearch.lastAccessed = obj.lastAccessed; saveSearch.searchRequest = obj.searchRequest; + saveSearch.filters = Filter.fromJSON(obj.filters); saveSearch.tableColumns = ColumnMetadata.fromJSON(obj.tableColumns); return saveSearch; @@ -43,6 +46,6 @@ export class SaveSearch { let queryBuilder = new QueryBuilder(); queryBuilder.searchRequest = this.searchRequest; - return queryBuilder.generateSelectForDisplay(); + return queryBuilder.generateNameForSearchRequest(); } } diff --git a/metron-interface/metron-alerts/src/app/service/search.service.ts b/metron-interface/metron-alerts/src/app/service/search.service.ts index 71ed5160fd..4bbcc2d641 100644 --- a/metron-interface/metron-alerts/src/app/service/search.service.ts +++ b/metron-interface/metron-alerts/src/app/service/search.service.ts @@ -30,6 +30,7 @@ import {GroupRequest} from '../model/group-request'; import {GroupResult} from '../model/group-result'; import {INDEXES} from '../utils/constants'; import {ColumnMetadata} from '../model/column-metadata'; +import {QueryBuilder} from '../alerts/alerts-list/query-builder'; @Injectable() export class SearchService { 
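Review bot: `getDisplayString` still builds the name from `searchRequest` alone, but this commit now persists the filters separately and blanks `searchRequest.query` before saving, so for a search stored by this version the temporary builder sees no filters and `generateNameForSearchRequest` falls back to `'*'`. Apply the persisted filters too: `queryBuilder.searchRequest = this.searchRequest; queryBuilder.filters = this.filters;` — the `filters` setter on `QueryBuilder` adds each one. Whether any caller still uses this method rather than `name` is not visible here. `fromJSON` also takes `obj.searchRequest` from storage as-is without validating its shape; a comment noting that it trusts the persisted object would be fair warning.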
@@ -83,11 +84,11 @@ export class SearchService { .catch(HttpUtil.handleError); } - public pollSearch(searchRequest: SearchRequest): Observable { + public pollSearch(queryBuilder: QueryBuilder): Observable { return this.ngZone.runOutsideAngular(() => { return this.ngZone.run(() => { return Observable.interval(this.interval * 1000).switchMap(() => { - return this.search(searchRequest); + return this.search(queryBuilder.searchRequest); }); }); }); diff --git a/metron-interface/metron-alerts/src/app/shared/date-picker/date-picker.component.html b/metron-interface/metron-alerts/src/app/shared/date-picker/date-picker.component.html new file mode 100644 index 0000000000..475d7fc99e --- /dev/null +++ b/metron-interface/metron-alerts/src/app/shared/date-picker/date-picker.component.html @@ -0,0 +1,17 @@ + +
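Review bot: `pollSearch` now holds the `QueryBuilder` and reads `queryBuilder.searchRequest` on every tick, which only makes relative ranges such as `last-5-minutes` advance if that getter rebuilds the query each time; if it merely returns the cached `_searchRequest`, the epoch bounds computed at search time stay frozen for the life of the poll. The getter is not in this diff, so confirm it, and record the intent on the method: `/** Polls with the builder's current searchRequest so that filters re-evaluated per request (e.g. relative time ranges) are picked up on each interval. */`. The stripped `Observable` type parameter in the signature should be restored if it was lost in the change rather than in rendering.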
+ + +
diff --git a/metron-interface/metron-alerts/src/app/shared/date-picker/date-picker.component.scss b/metron-interface/metron-alerts/src/app/shared/date-picker/date-picker.component.scss new file mode 100644 index 0000000000..813b6a5a03 --- /dev/null +++ b/metron-interface/metron-alerts/src/app/shared/date-picker/date-picker.component.scss @@ -0,0 +1,31 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +@import "../../../variables"; + +.calendar { + height: 35px; + background: #333333; + border: solid 1px #4D4D4D; + color: #999999; + + &::after { + font-family: "FontAwesome"; + content: '\f073'; + } +} \ No newline at end of file diff --git a/metron-interface/metron-alerts/src/app/shared/date-picker/date-picker.component.spec.ts b/metron-interface/metron-alerts/src/app/shared/date-picker/date-picker.component.spec.ts new file mode 100644 index 0000000000..994ac02bff --- /dev/null +++ b/metron-interface/metron-alerts/src/app/shared/date-picker/date-picker.component.spec.ts 
@@ -0,0 +1,25 @@ +import { async, ComponentFixture, TestBed } from '@angular/core/testing'; + +import { DatePickerComponent } from './date-picker.component'; + +describe('DatePickerComponent', () => { + let component: DatePickerComponent; + let fixture: ComponentFixture; + + beforeEach(async(() => { + TestBed.configureTestingModule({ + declarations: [ DatePickerComponent ] + }) + .compileComponents(); + })); + + beforeEach(() => { + fixture = TestBed.createComponent(DatePickerComponent); + component = fixture.componentInstance; + fixture.detectChanges(); + }); + + it('should be created', () => { + expect(component).toBeTruthy(); + }); +}); diff --git a/metron-interface/metron-alerts/src/app/shared/date-picker/date-picker.component.ts b/metron-interface/metron-alerts/src/app/shared/date-picker/date-picker.component.ts new file mode 100644 index 0000000000..3ed7df94c5 --- /dev/null +++ b/metron-interface/metron-alerts/src/app/shared/date-picker/date-picker.component.ts 
@@ -0,0 +1,77 @@ +import { Component, OnInit, ViewChild, ElementRef, OnChanges, SimpleChanges, Input, Output, EventEmitter } from '@angular/core'; +import * as moment from 'moment/moment'; +import * as Pikaday from "pikaday-time"; + +@Component({ + selector: 'app-date-picker', + templateUrl: './date-picker.component.html', + styleUrls: ['./date-picker.component.scss'] +}) +export class DatePickerComponent implements OnInit, OnChanges { + defaultDateStr = 'now'; + picker: Pikaday; + dateStr = this.defaultDateStr; + + @Input() date = ''; + @Input() minDate = ''; + @Output() dateChange = new EventEmitter(); + @ViewChild('inputText') inputText: ElementRef; + + constructor(private elementRef: ElementRef) {} + + ngOnInit() { + let _datePickerComponent = this; + let pikadayConfig = { + field: this.elementRef.nativeElement, + showSeconds: true, + use24hour: true, + onSelect: function() { + _datePickerComponent.dateStr = this.getMoment().format('YYYY-MM-DD HH:mm:ss'); + setTimeout(() => _datePickerComponent.dateChange.emit(_datePickerComponent.dateStr), 0); + } + }; + this.picker = new Pikaday(pikadayConfig); + this.setDate(); + } + + ngOnChanges(changes: SimpleChanges) { + if (changes && changes['minDate'] && this.picker) { + this.setMinDate(); + } + + if (changes && changes['date'] && this.picker) { + this.setDate(); + } + } + + setDate() { + if (this.date === '') { + this.dateStr = this.defaultDateStr; + } else { + this.dateStr = this.date; + this.picker.setDate(this.dateStr); + } + } + + setMinDate() { + let currentDate = new Date(this.dateStr).getTime(); + let currentMinDate = new Date(this.minDate).getTime(); + if (currentMinDate > currentDate) { + this.dateStr = this.defaultDateStr; + } + this.picker.setMinDate(new Date(this.minDate)); + this.picker.setDate(moment(this.minDate).endOf('day').format('YYYY-MM-DD HH:mm:ss')); + } + + toggleDatePicker($event) { + if (this.picker) { + if (this.picker.isVisible()) { + this.picker.hide(); + } else { + this.picker.show(); + } 
+ + $event.stopPropagation(); + } + } +} diff --git a/metron-interface/metron-alerts/src/app/shared/date-picker/date-picker.module.ts b/metron-interface/metron-alerts/src/app/shared/date-picker/date-picker.module.ts new file mode 100644 index 0000000000..ded98816c2 --- /dev/null +++ b/metron-interface/metron-alerts/src/app/shared/date-picker/date-picker.module.ts @@ -0,0 +1,15 @@ +import { NgModule } from '@angular/core'; +import { CommonModule } from '@angular/common'; +import { FormsModule } from '@angular/forms'; +import {DatePickerComponent} from './date-picker.component'; +import {SharedModule} from '../shared.module'; + +@NgModule({ + imports: [ + CommonModule, + FormsModule + ], + declarations: [DatePickerComponent], + exports: [DatePickerComponent] +}) +export class DatePickerModule { } diff --git a/metron-interface/metron-alerts/src/app/shared/pipes/map-keys.pipe.spec.ts b/metron-interface/metron-alerts/src/app/shared/pipes/map-keys.pipe.spec.ts new file mode 100644 index 0000000000..17cfef7f59 --- /dev/null +++ b/metron-interface/metron-alerts/src/app/shared/pipes/map-keys.pipe.spec.ts @@ -0,0 +1,8 @@ +import { MapKeysPipe } from './map-keys.pipe'; + +describe('MapKeysPipe', () => { + it('create an instance', () => { + const pipe = new MapKeysPipe(); + expect(pipe).toBeTruthy(); + }); +}); diff --git a/metron-interface/metron-alerts/src/app/shared/pipes/map-keys.pipe.ts b/metron-interface/metron-alerts/src/app/shared/pipes/map-keys.pipe.ts new file mode 100644 index 0000000000..5bf8013cf4 --- /dev/null +++ b/metron-interface/metron-alerts/src/app/shared/pipes/map-keys.pipe.ts @@ -0,0 +1,12 @@ +import { Pipe, PipeTransform } from '@angular/core'; + +@Pipe({ + name: 'mapKeys' +}) +export class MapKeysPipe implements PipeTransform { + + transform(value: any, args?: any): any { + return value ? Object.keys(value) : []; + } + +} 
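Review bot: `setMinDate` calls `this.picker.setDate(moment(this.minDate).endOf('day')...)` unconditionally, so every change of the `minDate` input replaces a date the user already picked (and `onSelect` then overwrites `dateStr`), even when the existing value was still above the new minimum; the `dateStr = defaultDateStr` reset just before it is therefore dead. Only move the selection when it has become invalid, keeping in mind that `new Date('now')` is `NaN`, so the placeholder must be handled explicitly. If jumping to the end of the minimum day is the intended UX, a comment saying so would stop the next reader from "fixing" it. The new file also lacks the Apache licence header its sibling files carry, and `DatePickerModule` imports `SharedModule` without using it.

```typescript
setMinDate() {
  const minDateMs = new Date(this.minDate).getTime();
  const currentMs = new Date(this.dateStr).getTime(); // NaN while dateStr is the 'now' placeholder
  this.picker.setMinDate(new Date(this.minDate));
  // Only replace the selection when there is none or it now falls below the minimum.
  if (isNaN(currentMs) || minDateMs > currentMs) {
    this.picker.setDate(moment(this.minDate).endOf('day').format('YYYY-MM-DD HH:mm:ss'));
  }
}
```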
diff --git a/metron-interface/metron-alerts/src/app/shared/shared.module.ts b/metron-interface/metron-alerts/src/app/shared/shared.module.ts index e26ec9bc94..41290a429f 100644 --- a/metron-interface/metron-alerts/src/app/shared/shared.module.ts +++ b/metron-interface/metron-alerts/src/app/shared/shared.module.ts @@ -24,6 +24,7 @@ import { NavContentDirective } from './directives/nav-content.directive'; import { CenterEllipsesPipe } from './pipes/center-ellipses.pipe'; import { AlertSearchDirective } from './directives/alert-search.directive'; import { ColumnNameTranslatePipe } from './pipes/column-name-translate.pipe'; +import { MapKeysPipe } from './pipes/map-keys.pipe'; import { AlertSeverityHexagonDirective } from './directives/alert-severity-hexagon.directive'; @NgModule({ @@ -37,6 +38,7 @@ import { AlertSeverityHexagonDirective } from './directives/alert-severity-hexag CenterEllipsesPipe, AlertSearchDirective, ColumnNameTranslatePipe, + MapKeysPipe, AlertSeverityHexagonDirective ], exports: [ @@ -48,6 +50,7 @@ import { AlertSeverityHexagonDirective } from './directives/alert-severity-hexag CenterEllipsesPipe, AlertSearchDirective, ColumnNameTranslatePipe, + MapKeysPipe, AlertSeverityHexagonDirective ] }) diff --git a/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.html b/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.html new file mode 100644 index 0000000000..b65528da69 --- /dev/null +++ b/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.html @@ -0,0 +1,57 @@ + + + +
+
+
+
+
+
Time Range

+
+
+ + +
+
+ + +
+ +
+
+
+
Quick Ranges

+
+
+ {{ key }}
+
+
+ {{ key }}
+
+
+ {{ key }}
+
+
+ {{ key }}
+
+
+
+
+
+
+
\ No newline at end of file diff --git a/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.scss b/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.scss new file mode 100644 index 0000000000..7f5faf0527 --- /dev/null +++ b/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.scss 
@@ -0,0 +1,106 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +@import "../../../variables"; + + +:host { + height: 100%; +} + +.btn-search { + height: 100%; + color: $silver; + cursor: pointer; + line-height: 1; + padding: 2px 20px; + border-radius: 0px; + font-family: Roboto; + background: $mine-shaft-11; + border: 1px solid $tundora !important; + + &:focus { + box-shadow: none; + } + + &::after { + font-family: "FontAwesome"; + content: '\f0d7'; + padding-left: 5px; + color: $dusty-grey; + position: absolute; + top: 15px; + right: 5px; + } +} + +.collapse, .collapsing { + position: absolute; + margin-top: 5px; + width: 930px; + height: 257px; + z-index: 99; + right: 0; + + .card, .card-block { + height: inherit; + background: $mine-shaft-1; + border: 1px solid $mine-shaft-8; + } +} + +.title { + font-size: 20px; +} + +.time-range { + border-right: 1px solid $abbey; +} + +.input-group { + position: relative; + width: 100%; + + .form-control { + display: block; + flex-direction: initial; + justify-content: initial; + } +} + +.quick-ranges { + span { + color: #1E87AF; + font-size: 14px; + line-height: 1.7; + cursor: pointer; + width: 100%; + display: block; + padding: 0px 5px; + font-family: Roboto; + + 
&:hover { + background: #1F91BE; + color: #FDFEFE; + } + } +} + +form { + margin-top: 5px; +} \ No newline at end of file diff --git a/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.spec.ts b/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.spec.ts new file mode 100644 index 0000000000..1e35979540 --- /dev/null +++ b/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.spec.ts @@ -0,0 +1,25 @@ +import { async, ComponentFixture, TestBed } from '@angular/core/testing'; + +import { TimeRangeComponent } from './time-range.component'; + +describe('TimeRangeComponent', () => { + let component: TimeRangeComponent; + let fixture: ComponentFixture; + + beforeEach(async(() => { + TestBed.configureTestingModule({ + declarations: [ TimeRangeComponent ] + }) + .compileComponents(); + })); + + beforeEach(() => { + fixture = TestBed.createComponent(TimeRangeComponent); + component = fixture.componentInstance; + fixture.detectChanges(); + }); + + it('should be created', () => { + expect(component).toBeTruthy(); + }); +}); diff --git a/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.ts b/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.ts new file mode 100644 index 0000000000..89f57a1053 --- /dev/null +++ b/metron-interface/metron-alerts/src/app/shared/time-range/time-range.component.ts 
@@ -0,0 +1,192 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +import { Component, OnInit, ViewChild, ElementRef, HostListener, EventEmitter, Output, Input, OnChanges, SimpleChanges} from '@angular/core'; +import * as moment from 'moment/moment'; + +import {Filter} from '../../model/filter'; +import { + DEFAULT_TIMESTAMP_FORMAT, CUSTOMM_DATE_RANGE_LABEL, + TIMESTAMP_FIELD_NAME, ALL_TIME +} from '../../utils/constants'; +import {DateFilterValue} from '../../model/date-filter-value'; + +@Component({ + selector: 'app-time-range', + templateUrl: './time-range.component.html', + styleUrls: ['./time-range.component.scss'] +}) +export class TimeRangeComponent implements OnInit, OnChanges { + toDateStr = ''; + fromDateStr = ''; + datePickerFromDate = ''; + datePickerToDate = ''; + selectedTimeRangeValue = 'All time'; + + @Input() disabled = false; + @Input() selectedTimeRange: Filter; + @ViewChild('datePicker') datePicker: ElementRef; + @Output() timeRangeChange = new EventEmitter(); + + timeRangeMappingCol1 = { + 'Last 7 days': 'last-7-days', + 'Last 30 days': 'last-30-days', + 'Last 60 days': 'last-60-days', + 'Last 90 days': 'last-90-days', + 'Last 6 months': 'last-6-months', + 'Last 1 year': 'last-1-year', + 
'Last 2 years': 'last-2-years', + 'Last 5 years': 'last-5-years' + }; + timeRangeMappingCol2 = { + 'Yesterday': 'yesterday', + 'Day before yesterday': 'day-before-yesterday', + 'This day last week': 'this-day-last-week', + 'Previous week': 'previous-week', + 'Previous month': 'previous-month', + 'Previous year': 'previous-year', + 'All time': ALL_TIME + }; + timeRangeMappingCol3 = { + 'Today': 'today', + 'Today so far': 'today-so-far', + 'This week': 'this-week', + 'This week so far': 'this-week-so-far', + 'This month': 'this-month', + 'This year': 'this-year' + }; + timeRangeMappingCol4 = { + 'Last 5 minutes': 'last-5-minutes', + 'Last 15 minutes': 'last-15-minutes', + 'Last 30 minutes': 'last-30-minutes', + 'Last 1 hour': 'last-1-hour', + 'Last 3 hours': 'last-3-hours', + 'Last 6 hours': 'last-6-hours', + 'Last 12 hours': 'last-12-hours', + 'Last 24 hours': 'last-24-hours' + }; + + constructor() { } + + ngOnChanges(changes: SimpleChanges) { + if (changes && changes['selectedTimeRange']) { + this.onSelectedTimeRangeChange(); + } + } + + ngOnInit() { + } + + onSelectedTimeRangeChange() { + let foundQuickRange = false; + let merged = Object.assign({}, this.timeRangeMappingCol1, this.timeRangeMappingCol2, this.timeRangeMappingCol3, this.timeRangeMappingCol4); + Object.keys(merged).forEach(key => { + if (this.selectedTimeRange.value === merged[key]) { + foundQuickRange = true; + this.selectedTimeRangeValue = key; + if (this.selectedTimeRange.dateFilterValue) { + this.toDateStr = moment(this.selectedTimeRange.dateFilterValue.toDate).format(DEFAULT_TIMESTAMP_FORMAT); + this.fromDateStr = moment(this.selectedTimeRange.dateFilterValue.fromDate).format(DEFAULT_TIMESTAMP_FORMAT); + + this.datePickerFromDate = ''; + this.datePickerToDate = ''; + } + } + }); + + if (!foundQuickRange) { + this.selectedTimeRangeValue = CUSTOMM_DATE_RANGE_LABEL; + this.toDateStr = this.selectedTimeRange.dateFilterValue.toDate !== null ? 
+ moment(this.selectedTimeRange.dateFilterValue.toDate).format(DEFAULT_TIMESTAMP_FORMAT) : + 'now'; + this.fromDateStr = moment(this.selectedTimeRange.dateFilterValue.fromDate).format(DEFAULT_TIMESTAMP_FORMAT); + + this.datePickerFromDate = this.fromDateStr; + this.datePickerToDate = this.selectedTimeRange.dateFilterValue.toDate !== null ? this.toDateStr : ''; + } + } + + getTimeRangeStr() { + let mappingVal = this.timeRangeMappingCol1[this.selectedTimeRangeValue]; + if (!mappingVal) { + mappingVal = this.timeRangeMappingCol2[this.selectedTimeRangeValue]; + } + if (!mappingVal) { + mappingVal = this.timeRangeMappingCol3[this.selectedTimeRangeValue]; + } + if (!mappingVal) { + mappingVal = this.timeRangeMappingCol4[this.selectedTimeRangeValue]; + } + return mappingVal; + } + + selectTimeRange($event, range: string) { + this.hideDatePicker(); + this.selectedTimeRangeValue = $event.target.textContent.trim(); + this.datePickerFromDate = ''; + this.datePickerToDate = ''; + this.timeRangeChange.emit(new Filter(TIMESTAMP_FIELD_NAME, range, false)); + } + + hideDatePicker() { + this.datePicker.nativeElement.classList.remove('show'); + } + + applyCustomDate() { + this.hideDatePicker(); + this.selectedTimeRangeValue = CUSTOMM_DATE_RANGE_LABEL; + this.toDateStr = this.datePickerToDate.length > 0 ? moment(this.datePickerToDate).format(DEFAULT_TIMESTAMP_FORMAT) : 'NOW'; + this.fromDateStr = moment(this.datePickerFromDate).format(DEFAULT_TIMESTAMP_FORMAT); + + let toDate = this.datePickerToDate.length > 0 ? new Date(this.toDateStr).getTime() : null; + let fromDate = new Date(this.fromDateStr).getTime(); + let toDateExpression = this.datePickerToDate.length > 0 ? 
(' AND ' + ' <=' + toDate) : ''; + + let value = '(>=' + fromDate + toDateExpression + ')'; + let filter = new Filter(TIMESTAMP_FIELD_NAME, value, false); + filter.dateFilterValue = new DateFilterValue(fromDate, toDate); + this.timeRangeChange.emit(filter); + } + + isPikaSelectElement(targetElement: HTMLElement): boolean { + while(targetElement) { + if (targetElement.classList.toString().startsWith('pika')){ + return true; + } + targetElement = targetElement.parentElement; + } + + return false; + } + + @HostListener('document:click', ['$event', '$event.target']) + onClick(event: MouseEvent, targetElement: HTMLElement): void { + if (!targetElement) { + return; + } + + if(this.isPikaSelectElement(targetElement)) { + return; + } + + const clickedInside = this.datePicker.nativeElement.contains(targetElement); + if (!clickedInside) { + this.hideDatePicker(); + } + } + +} diff --git a/metron-interface/metron-alerts/src/app/shared/time-range/time-range.module.ts b/metron-interface/metron-alerts/src/app/shared/time-range/time-range.module.ts new file mode 100644 index 0000000000..412ea39da7 --- /dev/null +++ b/metron-interface/metron-alerts/src/app/shared/time-range/time-range.module.ts @@ -0,0 +1,16 @@ +import { NgModule } from '@angular/core'; +import { CommonModule } from '@angular/common'; +import {TimeRangeComponent} from './time-range.component'; +import {DatePickerModule} from '../date-picker/date-picker.module'; +import {SharedModule} from '../shared.module'; + +@NgModule({ + imports: [ + CommonModule, + SharedModule, + DatePickerModule + ], + declarations: [TimeRangeComponent], + exports: [TimeRangeComponent] +}) +export class TimeRangeModule { } diff --git a/metron-interface/metron-alerts/src/app/utils/constants.ts b/metron-interface/metron-alerts/src/app/utils/constants.ts index b71f89eb8d..156c65fb91 100644 --- a/metron-interface/metron-alerts/src/app/utils/constants.ts +++ b/metron-interface/metron-alerts/src/app/utils/constants.ts 
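Review bot: `applyCustomDate` derives the epoch bounds with `new Date(this.fromDateStr).getTime()` on a `'YYYY-MM-DD HH:mm:ss'` string, which is not an ISO form and parses differently across engines (Safari yields `NaN`), and nothing checks the result, so a bad or empty from-date emits a filter that renders as `(>=NaN)` in the Lucene query. Parse with the known format via `moment(str, DEFAULT_TIMESTAMP_FORMAT).valueOf()` and refuse to emit when either bound is `NaN` or `toDate < fromDate`. The same placeholder is written as `'NOW'` here and `'now'` in `onSelectedTimeRangeChange`, and `selectTimeRange` reads the label back from `$event.target.textContent` although it is already passed the mapping value. `CUSTOMM_DATE_RANGE_LABEL` carries a typo that will spread with every new reference.

```typescript
applyCustomDate() {
  this.hideDatePicker();
  const fromDate = moment(this.datePickerFromDate, DEFAULT_TIMESTAMP_FORMAT).valueOf();
  const toDate = this.datePickerToDate.length > 0
    ? moment(this.datePickerToDate, DEFAULT_TIMESTAMP_FORMAT).valueOf()
    : null;
  // Never emit a filter that would render as '(>=NaN)' or as an inverted range.
  if (isNaN(fromDate) || (toDate !== null && (isNaN(toDate) || toDate < fromDate))) {
    return; // TODO(review): surface a validation message rather than ignoring the input
  }
  this.selectedTimeRangeValue = CUSTOMM_DATE_RANGE_LABEL;
  this.fromDateStr = moment(fromDate).format(DEFAULT_TIMESTAMP_FORMAT);
  this.toDateStr = toDate !== null ? moment(toDate).format(DEFAULT_TIMESTAMP_FORMAT) : 'now';
  const toDateExpression = toDate !== null ? (' AND ' + ' <=' + toDate) : '';
  // … unchanged: build the Filter with DateFilterValue and emit timeRangeChange …
}
```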
@@ -24,8 +24,14 @@ export const ALERTS_SAVED_SEARCH = 'metron-alerts-saved-search'; export const ALERTS_TABLE_METADATA = 'metron-alerts-table-metadata'; export const ALERTS_COLUMN_NAMES = 'metron-alerts-column-names'; +export let THREAT_SCORE_FIELD_NAME = 'threat:triage:score'; +export let TIMESTAMP_FIELD_NAME = 'timestamp'; +export let ALL_TIME = 'all-time'; + +export let DEFAULT_TIMESTAMP_FORMAT = 'YYYY-MM-DD HH:mm:ss'; +export let CUSTOMM_DATE_RANGE_LABEL = 'Date Range'; + export let TREE_SUB_GROUP_SIZE = 5; export let DEFAULT_FACETS = ['source:type', 'ip_src_addr', 'ip_dst_addr', 'host', 'enrichments:geo:ip_dst_addr:country']; export let DEFAULT_GROUPS = ['source:type', 'ip_src_addr', 'ip_dst_addr', 'host', 'enrichments:geo:ip_dst_addr:country']; export let INDEXES = environment.indices ? environment.indices.split(',') : ['websphere', 'snort', 'asa', 'bro', 'yaf']; - diff --git a/metron-interface/metron-alerts/src/app/utils/elasticsearch-utils.ts b/metron-interface/metron-alerts/src/app/utils/elasticsearch-utils.ts index bbd411236f..1f5bcfcc4f 100644 --- a/metron-interface/metron-alerts/src/app/utils/elasticsearch-utils.ts +++ b/metron-interface/metron-alerts/src/app/utils/elasticsearch-utils.ts @@ -71,4 +71,16 @@ export class ElasticsearchUtils { return message; } + + public static escapeESField(field: string) { + return field.replace(/:/g, '\\:'); + } + + public static escapeESValue(value: string) { + return String(value) + .replace(/[\*\+\-=~><\"\?^\${}\(\)\:\!\/[\]\\\s]/g, '\\$&') // replace single special characters + .replace(/\|\|/g, '\\||') // replace || + .replace(/\&\&/g, '\\&&'); // replace && + } + } diff --git a/metron-interface/metron-alerts/src/app/utils/utils.ts b/metron-interface/metron-alerts/src/app/utils/utils.ts new file mode 100644 index 0000000000..57a6355bb0 --- /dev/null +++ b/metron-interface/metron-alerts/src/app/utils/utils.ts 
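Review bot: The new identifiers `THREAT_SCORE_FIELD_NAME`, `TIMESTAMP_FIELD_NAME`, `ALL_TIME`, `DEFAULT_TIMESTAMP_FORMAT` and `CUSTOMM_DATE_RANGE_LABEL` are exported with `let`, which leaves them reassignable from any importing module; they are fixed protocol values (field names spliced into queries, the sentinel compared in `onTimeRangeChange`), so `export const` states the intent and lets the compiler enforce it, as the older `ALERTS_*` entries in this file already do. `CUSTOMM_DATE_RANGE_LABEL` also carries a typo; rename to `CUSTOM_DATE_RANGE_LABEL` before more callers pick it up.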
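Review bot: `escapeESField` and `escapeESValue` are now the only escaping applied before a filter reaches the Lucene query string, but neither says what it protects against. Suggest JSDoc stating that `escapeESValue` backslash-escapes the query_string reserved characters matched by its regex (`* + - = ~ > < " ? ^ $ { } ( ) : ! / [ ] \`, whitespace, `||` and `&&`) so a user-supplied value is matched literally, and that `escapeESField` escapes only `:` on the assumption that field names come from column metadata rather than user input — flagging that assumption as one to confirm. The doc should not claim every value passes through here, since `Filter.getQueryString` in this commit bypasses `escapeESValue` for non-displayed timestamp filters.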
@@ -0,0 +1,184 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import * as moment from 'moment/moment';
+
+import {DEFAULT_TIMESTAMP_FORMAT, TIMESTAMP_FIELD_NAME} from './constants';
+import {DateFilterValue} from '../model/date-filter-value';
+
+export class Utils {
+
+ public static timeRangeToDateObj(range:string) {
+ let timeRangeToDisplayStr = Utils.timeRangeToDisplayStr(range);
+ if (timeRangeToDisplayStr != null) {
+ let toDate = new Date((timeRangeToDisplayStr.toDate)).getTime();
+ let fromDate = new Date((timeRangeToDisplayStr.fromDate)).getTime();
+
+ return new DateFilterValue(fromDate, toDate);
+ }
+ let timeRangeToEpoc = Utils.parseTimeRange(range);
+ if (timeRangeToEpoc !== null) {
+ return new DateFilterValue(timeRangeToEpoc.fromDate, timeRangeToEpoc.toDate);
+ }
+ return null;
+ }
+
+ public static parseTimeRange(range:string) {
+ let parsed = range.replace(/^\(>=/, '')
+ .replace(/\)$/, '')
+ .replace(/<=/, '').split('AND');
+ if (parsed.length === 2 && !isNaN(Number(parsed[0])) && !isNaN(Number(parsed[1]))) {
+ return {toDate: Number(parsed[1]), fromDate: Number(parsed[0])};
+ }
+ if (parsed.length === 1 && !isNaN(Number(parsed[0]))) {
+ return {toDate: null, fromDate: Number(parsed[0])};
+ }
+
+ return null;
+ }
+
+ public static timeRangeToDisplayStr(range:string) {
+ let toDate = '';
+ let fromDate = '';
+
+ switch (range) {
+ case 'last-7-days':
+ fromDate = moment().subtract(7, 'days').local().format();
+ toDate = moment().local().format();
+ break;
+ case 'last-30-days':
+ fromDate = moment().subtract(30, 'days').local().format();
+ toDate = moment().local().format();
+ break;
+ case 'last-60-days':
+ fromDate = moment().subtract(60, 'days').local().format();
+ toDate = moment().local().format();
+ break;
+ case 'last-90-days':
+ fromDate = moment().subtract(90, 'days').local().format();
+ toDate = moment().local().format();
+ break;
+ case 'last-6-months':
+ fromDate = moment().subtract(6, 'months').local().format();
+ toDate = moment().local().format();
+ break;
+ case 'last-1-year':
+ fromDate = moment().subtract(1, 'year').local().format();
+ toDate = moment().local().format();
+ break;
+ case 'last-2-years':
+ fromDate = moment().subtract(2, 'years').local().format();
+ toDate = moment().local().format();
+ break;
+ case 'last-5-years':
+ fromDate = moment().subtract(5, 'years').local().format();
+ toDate = moment().local().format();
+ break;
+ case 'all-time':
+ fromDate = '1970-01-01T05:30:00+05:30';
+ toDate = '2100-01-01T05:30:00+05:30';
+ break;
+ case 'yesterday':
+ fromDate = moment().subtract(1, 'days').startOf('day').local().format();
+ toDate = moment().subtract(1, 'days').endOf('day').local().format();
+ break;
+ case 'day-before-yesterday':
+ fromDate = moment().subtract(2, 'days').startOf('day').local().format();
+ toDate = moment().subtract(2, 'days').endOf('day').local().format();
+ break;
+ case 'this-day-last-week':
+ fromDate = moment().subtract(7, 'days').startOf('day').local().format();
+ toDate = moment().subtract(7, 'days').endOf('day').local().format();
+ break;
+ case 'previous-week':
+ fromDate = moment().subtract(1, 'weeks').startOf('week').local().format();
+ toDate = moment().subtract(1, 'weeks').endOf('week').local().format();
+ break;
+ case 'previous-month':
+ fromDate = moment().subtract(1, 'months').startOf('month').local().format();
+ toDate = moment().subtract(1, 'months').endOf('month').local().format();
+ break;
+ case 'previous-year':
+ fromDate = moment().subtract(1, 'years').startOf('year').local().format();
+ toDate = moment().subtract(1, 'years').endOf('year').local().format();
+ break;
+ case 'today':
+ fromDate = moment().startOf('day').local().format();
+ toDate = moment().endOf('day').local().format();
+ break;
+ case 'today-so-far':
+ fromDate = moment().startOf('day').local().format();
+ toDate = moment().local().format();
+ break;
+ case 'this-week':
+ fromDate = moment().startOf('week').local().format();
+ toDate = moment().endOf('week').local().format();
+ break;
+ case 'this-week-so-far':
+ fromDate = moment().startOf('week').local().format();
+ toDate = moment().local().format();
+ break;
+ case 'this-month':
+ fromDate = moment().startOf('month').local().format();
+ toDate = moment().endOf('month').local().format();
+ break;
+ case 'this-year':
+ fromDate = moment().startOf('year').local().format();
+ toDate = moment().endOf('year').local().format();
+ break;
+ case 'last-5-minutes':
+ fromDate = moment().subtract(5, 'minutes').local().format();
+ toDate = moment().local().format();
+ break;
+ case 'last-15-minutes':
+ fromDate = moment().subtract(15, 'minutes').local().format();
+ toDate = moment().local().format();
+ break;
+ case 'last-30-minutes':
+ fromDate = moment().subtract(30, 'minutes').local().format();
+ toDate = moment().local().format();
+ break;
+ case 'last-1-hour':
+ fromDate = moment().subtract(60, 'minutes').local().format();
+ toDate = moment().local().format();
+ break;
+ case 'last-3-hours':
+ fromDate = moment().subtract(3, 'hours').local().format();
+ toDate = moment().local().format();
+ break;
+ case 'last-6-hours':
+ fromDate = moment().subtract(6, 'hours').local().format();
+ toDate = moment().local().format();
+ break;
+ case 'last-12-hours':
+ fromDate = moment().subtract(12, 'hours').local().format();
+ toDate = moment().local().format();
+ break;
+ case 'last-24-hours':
+ fromDate = moment().subtract(24, 'hours').local().format();
+ toDate = moment().local().format();
+ break;
+ default:
+ return null;
+ }
+
+ toDate = moment(toDate).format(DEFAULT_TIMESTAMP_FORMAT);
+ fromDate = moment(fromDate).format(DEFAULT_TIMESTAMP_FORMAT);
+
+ return {toDate: toDate, fromDate: fromDate};
+ }
+}
diff --git a/metron-interface/metron-alerts/src/styles.scss b/metron-interface/metron-alerts/src/styles.scss
index b34fc39302..0958685f09 100644
--- a/metron-interface/metron-alerts/src/styles.scss
+++ b/metron-interface/metron-alerts/src/styles.scss
@@ -20,6 +20,7 @@
@import "_variables.scss";
@import "slider.scss";
@import "metron-dialog.scss";
+@import "../node_modules/pikaday-time/scss/pikaday.scss";
@import "hexagon";
body,
@@ -243,6 +244,14 @@ form
}
}
+.pika-select {
+ height: 20px;
+ -webkit-appearance: none;
+ -moz-appearance: none;
+ appearance: none;
+ padding: 0px 15px;
+}
+
.tooltip-inner {
opacity: 0.9;
font-size: 11px;
@@ -258,5 +267,3 @@ hr {
margin: 0.3rem 0;
padding: 0;
}
-
-
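Review bot: `timeRangeToDateObj` converts the display strings back to epoch milliseconds with `new Date(timeRangeToDisplayStr.toDate).getTime()`, but those strings were just produced with `DEFAULT_TIMESTAMP_FORMAT` (`'YYYY-MM-DD HH:mm:ss'`), which is not an ISO 8601 form and whose parsing by `Date` is implementation-defined (Safari has historically rejected it, and engines disagree on local versus UTC). Parsing with moment and the same format keeps the round trip deterministic: `let toDate = moment(timeRangeToDisplayStr.toDate, DEFAULT_TIMESTAMP_FORMAT).valueOf();` and likewise for `fromDate`. Separately, the `last-*` branches of `timeRangeToDisplayStr` differ only in amount and unit, so a lookup table keyed by range would replace most of the switch, and the week-based cases (`previous-week`, `this-week`, `this-week-so-far`) take their start of week from moment's active locale, which is worth a one-line comment on the first of them.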