IBM QRadar SOAR

Hi Team,

Could someone help me with the following:
I need to calculate the time difference between now and a value that I have in a table.

I was thinking to use the Python DateTime module for that but it looks like we can not import this module to Resilient (or I failed with that).

The idea behind the task is to get information about the latest event from Qradar and calculate the time difference between now and the latest event time.
To get the latest event time from Qradar I am using built-in Qradar query function and want to do this calculation in a post action script.

If you have any idea how to do it, I would be much appreciated.

BR,
Alex.

------------------------------
Alexander Saulenko
------------------------------

Hi Alex,

You can try:
from java.util import Date 
in the post-process script.

Please check the example 9 in article https://success.resilientsystems.com/hc/en-us/articles/115001805365-In-Product-Script-Examples which provide a sample script to calculate the time difference.

------------------------------
LILY WANG
------------------------------

Original Message:
Sent: Fri May 31, 2019 10:05 AM
From: Alexander Saulenko
Subject: Calculate time difference

Hi Team,

Could someone help me with the following:
I need to calculate the time difference between now and a value that I have in a table.

I was thinking to use the Python DateTime module for that but it looks like we can not import this module to Resilient (or I failed with that).

The idea behind the task is to get information about the latest event from Qradar and calculate the time difference between now and the latest event time.
To get the latest event time from Qradar I am using built-in Qradar query function and want to do this calculation in a post action script.

If you have any idea how to do it, I would be much appreciated.

BR,
Alex.

------------------------------
Alexander Saulenko
------------------------------

Hi Lily,
Thank you for your reply. The link which you provided helped me to solve the task.

BR,
Alex.

------------------------------
Alexander Saulenko
------------------------------

Original Message:
Sent: Sun June 02, 2019 07:41 PM
From: LILY WANG
Subject: Calculate time difference

Hi Alex,

You can try:
from java.util import Date 
in the post-process script.

Please check the example 9 in article https://success.resilientsystems.com/hc/en-us/articles/115001805365-In-Product-Script-Examples which provide a sample script to calculate the time difference.

------------------------------
LILY WANG

Original Message:
Sent: Fri May 31, 2019 10:05 AM
From: Alexander Saulenko
Subject: Calculate time difference

Hi Team,

Could someone help me with the following:
I need to calculate the time difference between now and a value that I have in a table.

I was thinking to use the Python DateTime module for that but it looks like we can not import this module to Resilient (or I failed with that).

The idea behind the task is to get information about the latest event from Qradar and calculate the time difference between now and the latest event time.
To get the latest event time from Qradar I am using built-in Qradar query function and want to do this calculation in a post action script.

If you have any idea how to do it, I would be much appreciated.

BR,
Alex.

------------------------------
Alexander Saulenko
------------------------------