dfir-iris / iris-web

Collaborative Incident Response platform

Retrieving alerts takes too long [BUG]

YousefNein opened this issue · comments

The alerts take too long to be viewed for me and my colleagues. Are there any troubleshooting methods to check if this was just an error or if the logs were too many?

Hi!

Could you please give more details? What is too long? How many alerts are you loading at once?
You can check on the web browser debug console which request is taking time.
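The maintainer's advice is to find the slow request in the browser's developer tools. The script below, added here as an example and not part of DFIR-IRIS or of this thread, does the same offline on a HAR export (the HTTP Archive JSON that every browser's Network tab can save). It ranks the entries by total time and, for each, names the dominant phase: a large `wait` (time to first byte) means the server was busy, which is where a slow database shows up; a large `receive` means the body was big or the link slow. The embedded HAR is constructed for this example and its host and paths are placeholders, not real IRIS routes.

```python
import json
from typing import Any, Dict, List

# Constructed sample HAR (HTTP Archive 1.2) export, the JSON the browser's
# Network tab saves. Only the fields used below are populated; the host and
# paths are placeholders, not real DFIR-IRIS routes.
SAMPLE_HAR = json.dumps({
    "log": {
        "version": "1.2",
        "entries": [
            {
                "request": {"method": "GET", "url": "https://iris.example/alerts"},
                "response": {"status": 200},
                "time": 49850.0,
                "timings": {"blocked": 1.0, "dns": 0.0, "connect": 5.0,
                            "send": 0.5, "wait": 49800.0, "receive": 43.5},
            },
            {
                "request": {"method": "GET", "url": "https://iris.example/static/app.js"},
                "response": {"status": 200},
                "time": 830.0,
                "timings": {"blocked": 1.0, "dns": 0.0, "connect": 4.0,
                            "send": 0.5, "wait": 24.5, "receive": 800.0},
            },
            {
                "request": {"method": "GET", "url": "https://iris.example/api/ping"},
                "response": {"status": 200},
                "time": 35.0,
                "timings": {"blocked": 1.0, "dns": 0.0, "connect": 3.0,
                            "send": 0.5, "wait": 28.0, "receive": 2.5},
            },
        ],
    }
})


def classify(entry: Dict[str, Any]) -> str:
    """Name the dominant phase of one HAR entry.

    'wait' is the time to first byte after the request was sent, i.e. the
    server was working (queries, rendering). 'receive' is body transfer time.
    Anything else is connection setup on the client side.
    """
    timings = entry.get("timings", {})
    # HAR uses -1 for phases that do not apply; treat those as zero.
    phases = {k: max(float(v), 0.0) for k, v in timings.items()
              if isinstance(v, (int, float))}
    if not phases:
        return "unknown"
    top = max(phases, key=phases.get)
    if top == "wait":
        return "server"
    if top == "receive":
        return "transfer"
    return "connection"


def slowest_requests(har_text: str, n: int = 3) -> List[Dict[str, Any]]:
    """Return the n slowest entries of a HAR export, slowest first."""
    har = json.loads(har_text)
    entries = har["log"]["entries"]
    ranked = sorted(entries, key=lambda e: e.get("time", 0.0), reverse=True)
    return [
        {
            "method": e["request"]["method"],
            "url": e["request"]["url"],
            "status": e["response"]["status"],
            "total_ms": e["time"],
            "wait_ms": e.get("timings", {}).get("wait", -1),
            "bottleneck": classify(e),
        }
        for e in ranked[:n]
    ]


if __name__ == "__main__":
    # Replace SAMPLE_HAR with open("export.har").read() for a real capture.
    for row in slowest_requests(SAMPLE_HAR):
        print(f'{row["total_ms"]:9.1f} ms  {row["bottleneck"]:10s} '
              f'{row["method"]} {row["url"]}')
```

In the constructed capture the alerts page request spends almost all of its 49.8 s in `wait`, which points at the server (and, per the rest of the thread, its database) rather than at the network or the browser.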

Hello. This is the page I'm talking about:
[screenshot]
It took around 50 seconds to load these 10 alerts.

Hi!

Indeed it looks way too long. You can check on our demo website, the loading of this page should be around 2-3s max.

Can you elaborate on your underlying host system? Are you on HDD or SSD? How many alerts do you have?
In your alerts, do you have IOCs and Assets? How many on average per alert?

Sorry for the late reply.
For the specs, we're using HDD.
We have around 20 alerts per minute.
No, we haven't configured the IOCs and Assets to be automated, yet.

Hi!
20 alerts per minute... so +72k alerts per day? It really looks like a lot.
IRIS isn't meant to replace a SIEM; the idea is that alerts that are sent to it should be curated so analysts can review them.
I'd recommend that you:

  • Lower the number of alerts
  • Replace the HDD with an SSD as the bottleneck of IRIS is often the DB I/Os
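The maintainer's first recommendation is to curate alerts before they reach IRIS. The script below is an added example of one way to do that upstream, in whatever forwards detections from the SIEM; it is not IRIS code and does not use the IRIS API. It drops alerts below a severity floor and collapses repeats of the same rule on the same host within a time window into one alert carrying a hit count and first/last-seen times, so a brute-force burst arrives as a single alert rather than dozens. The raw alerts and their field names are constructed for the example and are not an IRIS schema.

```python
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Tuple

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


def _t(seconds: int) -> datetime:
    """Timestamp helper: seconds after a fixed base, for the constructed sample."""
    return datetime(2024, 1, 1, 10, 0, tzinfo=timezone.utc) + timedelta(seconds=seconds)


# Constructed burst: 20 raw detections in about two minutes, as a SIEM might
# forward them. Field names are assumptions for this example, not an IRIS schema.
RAW_ALERTS: List[dict] = (
    [{"time": _t(5 * i), "rule": "ssh-bruteforce", "host": "web01",
      "severity": "high", "src_ip": "203.0.113.7"} for i in range(12)]
    + [{"time": _t(30 + 40 * i), "rule": "malware-hash-match", "host": "ws-042",
        "severity": "critical", "sha256": "0" * 64} for i in range(2)]
    + [{"time": _t(7 * i), "rule": "interactive-login", "host": f"ws-{i:03d}",
        "severity": "low", "user": "svc-backup"} for i in range(6)]
)


def curate_alerts(alerts: List[dict],
                  window: timedelta = timedelta(minutes=10),
                  min_severity: str = "medium") -> Tuple[List[dict], int]:
    """Collapse repeats and drop low-value alerts before they reach the IR platform.

    Alerts with the same (rule, host) within `window` of the first occurrence
    become one alert with a `count` and `first_seen`/`last_seen`. Alerts below
    `min_severity` are dropped. Returns (curated_alerts, dropped_count).
    """
    threshold = SEVERITY_RANK[min_severity]
    open_groups: Dict[Tuple[str, str], dict] = {}
    curated: List[dict] = []
    dropped = 0
    for alert in sorted(alerts, key=lambda a: a["time"]):
        if SEVERITY_RANK.get(alert["severity"], 0) < threshold:
            dropped += 1
            continue
        key = (alert["rule"], alert["host"])
        group = open_groups.get(key)
        if group is not None and alert["time"] - group["first_seen"] <= window:
            group["count"] += 1
            group["last_seen"] = alert["time"]
            continue
        # Start a new aggregated alert. A later hit for the same key outside
        # the window opens a fresh one instead of growing this one forever.
        group = {**alert, "first_seen": alert["time"],
                 "last_seen": alert["time"], "count": 1}
        group.pop("time")
        open_groups[key] = group
        curated.append(group)
    return curated, dropped


if __name__ == "__main__":
    curated, dropped = curate_alerts(RAW_ALERTS)
    print(f"{len(RAW_ALERTS)} raw -> {len(curated)} curated, {dropped} dropped")
    for c in curated:
        print(f'{c["severity"]:8s} {c["rule"]:20s} {c["host"]:8s} x{c["count"]}')
```

With the constructed burst, 20 raw detections become 2 curated alerts (12 brute-force hits on one host, 2 hash matches) and 6 low-severity logins are dropped; the window and severity floor are the knobs to tune against the volume your analysts can actually review.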

Much appreciated, thank you.