IBM Security QRadar SOAR

  • 1.  fn_microsoft_security_graph errors

    Posted Wed May 15, 2019 09:07 AM
    I've tried to run the fn_microsoft_security_graph package (Fn_microsoft-security_Graph) and I've encountered two issues.
    The first one is a bug in the logic for calculating the datetime range:

    ```
    createdDateTime_filter = ""
    if alert_time_range_sec:
        # here should be a timedelta in order to subtract the passed alert_time_range_sec.
        createdDateTime_start = datetime.utcnow().isoformat() + 'Z'
        createdDateTime_filter = "createdDateTime%20ge%20{}".format(createdDateTime_start)
    ```
    Something like:
    ```
    int_date = datetime.utcnow() + timedelta(hours=-alert_time_range_sec)
    createdDateTime_start = int_date.isoformat() + 'Z'
    ```


    The second problem I've found was actually the missing default Jinja2 template for building the incidentDTO (the default file is missing from the archive):
    data/templates/msg_incident_mapping.jinja

    ```
    Exception in thread Thread-14:
    Traceback (most recent call last):
      File "/usr/lib/python2.7/threading.py", line 801, in __bootstrap_inner
        self.run()
      File "/usr/lib/python2.7/threading.py", line 754, in run
        self.__target(*self.__args, **self.__kwargs)
      File "~/fn_microsoft_security_graph-1.0.0/fn_microsoft_security_graph/components/microsoft_security_graph_alerts_integrations.py", line 199, in msg_polling_thread
        incident_payload = build_incident_dto(alert, self.options.get("incident_template"))
      File "~/fn_microsoft_security_graph-1.0.0/fn_microsoft_security_graph/components/microsoft_security_graph_alerts_integrations.py", line 304, in build_incident_dto
        with open(template_file, 'r') as template:
    IOError: [Errno 2] No such file or directory: '~/fn_microsoft_security_graph-1.0.0/fn_microsoft_security_graph/components/../data/templates/msg_incident_mapping.jinja'
    ```

    ------------------------------
    Marian Craciunescu
    ------------------------------


  • 2.  RE: fn_microsoft_security_graph errors

    Posted Mon May 20, 2019 03:43 AM
    Hi Marian,
    Thank you for visiting the community and raising this with us. 

    I will get in contact with an engineer to see if we can locate that Jinja template for you and ideally update the package.

    ------------------------------
    Ryan Gordon
    Security Software Engineer
    IBM
    ------------------------------