When filtering in the triage alerts, two titles can show up and one may not match the title showing on the alerts within the page. 

Feed was updated after the event was tagged

EDR is comprised of two cores that handle feeds and alerts. Cbfeeds core and CbAlerts core. The cbfeeds core goes through incremental syncs every 1 hour and full syncs ever 24 hours. If an event comes in that matches a feed IOC an alert will be generated and stored in the cbalerts core. If at a later time the feed is updated with a new title during the sync, the cbalerts core is not updated with the new title. This is to keep the historical of when the alert was hit. 

The reason the facet will show different than the alert is the way it's pulled. The facets are pulled from the cbalerts core and include the unique id. <feed_id>:<report_id>. Because these do not change, both will appear. For the list of alerts, the API is picking up the title based on the current that is listed in the cbfeeds core. 

The title can only be updated one of two ways.

• The feed source owner updates the title and also updates the timestamp field. If the timestamp field is not updated, the feed info will stay the same. 
• The feed source owner deletes the report, the server then syncs and see's it's gone and lists it as is_deleted:true in the cbfeeds core. The feed owner then re-adds it using the same report id, the EDR server will see the id exists again and resyncs the reports information while setting is_deleted: false again.  

Unfortunately for item 2, if the feed source owner keeps the same timestamp, the product will still display that as the last update time. 

The title can be updated manually via Solr backend. It's not recommended to change this, however if it's required for your company policy, please reach out to support to provide instructions.