IBM Security QRadar SOAR

Hi team,
I have a task to calculate the time difference between the current time and the pwdlastset AD attribute.

And as I can not import a datetime library in Python code I faced with the following issue:
I can define the now variables as java object:
from java.util import Date
now = Date()

But when I use LDAP search utilities for getting pwdlastset value I got a string object (org.python.core.PyUnicode) For example - "2018-10-12 10:42:28.635733+00:00"

For converting string to epoch format I can use date.parse(datestring) method but it is successful only for RFC2822 dateime format. Example:
EPOCHdate = Date.parse("November 08, 2018 5:22 AM +0000")
log.info(EPOCHdate)->1541654520000L

in case if I try:
EPOCHdate = Date.parse("018-10-12 10:42:28.635733+00:00")
I got the error: "Script execution failed with message 'java.lang.IllegalArgumentException"

That is why I have to convert the string "2018-10-12 10:42:28.635733+00:00" to RFC2822 format but I do not know how to do it without the datetime library.

If you have an idea of how to convert the string into the proper format without using regexp - please let me know.

BR,
Alex

P.S. I have solved this task by writing a parsing script with regex.

------------------------------
Alexander Saulenko
------------------------------

Hi Alexander,

Based on the format you're presenting here, I don't think this is possible without regex.
The problem is the nanoseconds component, i.e. the inclusion of the . character in the string.

I believe the only valid characters that may appear in the string passed to the parse() method are:
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
0123456789,+-:/
(plus whitespace)

------------------------------
Paul Curran
------------------------------

Original Message:
Sent: Wed August 21, 2019 09:03 AM
From: Alexander Saulenko
Subject: Convert date format to RFC2822

Hi team,
I have a task to calculate the time difference between the current time and the pwdlastset AD attribute.

And as I can not import a datetime library in Python code I faced with the following issue:
I can define the now variables as java object:
from java.util import Date
now = Date()

But when I use LDAP search utilities for getting pwdlastset value I got a string object (org.python.core.PyUnicode) For example - "2018-10-12 10:42:28.635733+00:00"

For converting string to epoch format I can use date.parse(datestring) method but it is successful only for RFC2822 dateime format. Example:
EPOCHdate = Date.parse("November 08, 2018 5:22 AM +0000")
log.info(EPOCHdate)->1541654520000L

in case if I try:
EPOCHdate = Date.parse("018-10-12 10:42:28.635733+00:00")
I got the error: "Script execution failed with message 'java.lang.IllegalArgumentException"

That is why I have to convert the string "2018-10-12 10:42:28.635733+00:00" to RFC2822 format but I do not know how to do it without the datetime library.

If you have an idea of how to convert the string into the proper format without using regexp - please let me know.

BR,
Alex

P.S. I have solved this task by writing a parsing script with regex.

------------------------------
Alexander Saulenko
------------------------------

Hi Paul,
Thank you for your comment!
BR,
Alex.

------------------------------
Alexander Saulenko
------------------------------

Original Message:
Sent: Wed August 21, 2019 12:12 PM
From: Paul Curran
Subject: Convert date format to RFC2822

Hi Alexander,

Based on the format you're presenting here, I don't think this is possible without regex.
The problem is the nanoseconds component, i.e. the inclusion of the . character in the string.

I believe the only valid characters that may appear in the string passed to the parse() method are:
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
0123456789,+-:/
(plus whitespace)

------------------------------
Paul Curran

Original Message:
Sent: Wed August 21, 2019 09:03 AM
From: Alexander Saulenko
Subject: Convert date format to RFC2822

Hi team,
I have a task to calculate the time difference between the current time and the pwdlastset AD attribute.

And as I can not import a datetime library in Python code I faced with the following issue:
I can define the now variables as java object:
from java.util import Date
now = Date()

But when I use LDAP search utilities for getting pwdlastset value I got a string object (org.python.core.PyUnicode) For example - "2018-10-12 10:42:28.635733+00:00"

For converting string to epoch format I can use date.parse(datestring) method but it is successful only for RFC2822 dateime format. Example:
EPOCHdate = Date.parse("November 08, 2018 5:22 AM +0000")
log.info(EPOCHdate)->1541654520000L

in case if I try:
EPOCHdate = Date.parse("018-10-12 10:42:28.635733+00:00")
I got the error: "Script execution failed with message 'java.lang.IllegalArgumentException"

That is why I have to convert the string "2018-10-12 10:42:28.635733+00:00" to RFC2822 format but I do not know how to do it without the datetime library.

If you have an idea of how to convert the string into the proper format without using regexp - please let me know.

BR,
Alex

P.S. I have solved this task by writing a parsing script with regex.

------------------------------
Alexander Saulenko
------------------------------