Skip to content

ti_misp: Fix the processing of ISO8601 dates #11402

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
chemamartinez merged 2 commits into from
Oct 14, 2024
Merged

ti_misp: Fix the processing of ISO8601 dates #11402

chemamartinez merged 2 commits into from
Oct 14, 2024

Conversation

@chemamartinez
Copy link
Contributor

@chemamartinez chemamartinez commented Oct 11, 2024

Proposed commit message

The current implementation assumes that first_seen and last_seen attributes are in UNIX epoch format, microseconds granularity.

Now we have seen examples of dates in ISO8601 format, as the MISP documentation states. Leading to the following error:

in the ingest pipeline on the script-default-decayed_at : Processor script with tag script-default-decayed_at 
in pipeline logs-ti_misp.threat_attributes-1.35.2 failed with message: For input string: "2024-10-06T16:48:04.000000+00:00", 
Processor date with tag date_attribute_first_seen in pipeline logs-ti_misp.threat_attributes-1.35.2 failed with message: For input string: "2024-05-11T12:54:49.000000+00", 
Processor date with tag date_attribute_last_seen in pipeline logs-ti_misp.threat_attributes-1.35.2 failed with message: For input string: "2024-10-06T16:48:04.000000+00"

Changes introduced at this PR make sure that the pipeline is able to process both formats.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

@chemamartinez chemamartinez added Integration:ti_misp MISP bugfix Pull request that fixes a bug issue Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] labels Oct 11, 2024
@chemamartinez chemamartinez self-assigned this Oct 11, 2024
@chemamartinez chemamartinez marked this pull request as ready for review October 11, 2024 11:54
@chemamartinez chemamartinez requested a review from a team as a code owner October 11, 2024 11:54
@elasticmachine
Copy link

elasticmachine commented Oct 11, 2024

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@elastic-vault-github-plugin-prod
Copy link

elastic-vault-github-plugin-prod bot commented Oct 11, 2024

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@elasticmachine
Copy link

elasticmachine commented Oct 11, 2024

💚 Build Succeeded

cc @chemamartinez

@elastic-sonarqube
Copy link

elastic-sonarqube bot commented Oct 11, 2024

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
86.7% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube

@efd6
Copy link
Contributor

efd6 commented Oct 13, 2024

Remember to convert the commit message from md, git history is not markdown.

@chemamartinez chemamartinez merged commit 2174cd9 into elastic:main Oct 14, 2024
@elastic-vault-github-plugin-prod
Copy link

elastic-vault-github-plugin-prod bot commented Oct 14, 2024

Package ti_misp - 1.35.6 containing this change is available at https://epr.elastic.co/search?package=ti_misp

harnish-crest-data pushed a commit to chavdaharnish/integrations that referenced this pull request Feb 4, 2025
@chemamartinez
ti_misp: Fix the processing of ISO8601 dates (elastic#11402)
dc6b333 
The current implementation assumes that first_seen and last_seen attributes are in UNIX epoch format, microseconds granularity.

Now we have seen examples of dates in ISO8601 format, as the MISP documentation states. Changes introduced at this PR make sure that the pipeline is able to process both formats.
harnish-crest-data pushed a commit to chavdaharnish/integrations that referenced this pull request Feb 5, 2025
@chemamartinez
ti_misp: Fix the processing of ISO8601 dates (elastic#11402)
16b3ab5 
The current implementation assumes that first_seen and last_seen attributes are in UNIX epoch format, microseconds granularity.

Now we have seen examples of dates in ISO8601 format, as the MISP documentation states. Changes introduced at this PR make sure that the pipeline is able to process both formats.
@chemamartinez chemamartinez deleted the ti_misp-fix-timestamp-formats branch February 6, 2025 10:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@efd6 efd6 efd6 approved these changes

Assignees

@chemamartinez chemamartinez

Labels

bugfix Pull request that fixes a bug issue Integration:ti_misp MISP Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations]

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@chemamartinez @elasticmachine @efd6