BishopFox / sliver

Adversary Emulation Framework
GNU General Public License v3.0

Improve time-based execution limit #115

Open v-p-b opened 5 years ago

v-p-b commented 5 years ago

Is your feature request related to a problem? Please describe.

Time-based execution limit currently "limit[s] execution to before datetime".

First of all, this message doesn't cover the expected date/time format (but this is more related to #42).

More importantly, I think it would make more sense to make the implant execute only after a preset time, so the caching mechanisms of AVs can be abused: let the sample be analyzed and marked as safe at T, then execute at T+t with a different behavior.

Describe the solution you'd like

Make the Sliver execute only when a preconfigured time is reached.

It would also be nice if date and time limits could be configured separately (e.g. only run after 9 PM any given day).

Describe alternatives you've considered

The current feature can be useful to make the implants expire (so they won't cause any trouble after an engagement), so probably having a general, flexible timeframe configuration would be the best.

Additional context

N/A

moloch-- commented 5 years ago

I thought I had documented this in help but it certainly appears that I did not. If anyone comes across this issue, the expected time format should be RFC1123, for example:

time.Now().Format(time.RFC1123) // "Mon, 08 Jul 2019 10:02:43 CDT"

We may add more liberal date/time parsing options later on but Go has this one built-in. I'm also on board for having "don't execute before limits."
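
Added example, not part of the thread and not Sliver's code: a check for the RFC1123 format named above, showing that Go resolves a zone abbreviation such as "CDT" only if the parsing location knows it and otherwise silently assumes a zero offset, which would move an expiry limit by hours. `ParseLimit` and `ErrAmbiguousZone` are hypothetical names, and the fixed "CDT" zone is a constructed stand-in for a Central-time host.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// ErrAmbiguousZone is a hypothetical error defined for this example.
var ErrAmbiguousZone = errors.New("zone abbreviation not resolvable here; offset would default to +0000")

// ParseLimit (hypothetical helper) parses an RFC1123 or RFC1123Z timestamp
// and returns it in UTC. loc is used to resolve an abbreviation like "CDT".
func ParseLimit(value string, loc *time.Location) (time.Time, error) {
	// A numeric offset (RFC1123Z) means the same instant on every host.
	if t, err := time.Parse(time.RFC1123Z, value); err == nil {
		return t.UTC(), nil
	}
	t, err := time.ParseInLocation(time.RFC1123, value, loc)
	if err != nil {
		return time.Time{}, fmt.Errorf("expected RFC1123: %w", err)
	}
	// When loc does not know the abbreviation, Go does not fail: it records
	// a fabricated zone with that name and a zero offset.
	// Heuristic: a genuinely zero-offset named zone (e.g. WET) is also flagged.
	name, offset := t.Zone()
	if offset == 0 && name != "UTC" && name != "GMT" {
		return t.UTC(), fmt.Errorf("%q: %w", name, ErrAmbiguousZone)
	}
	return t.UTC(), nil
}

func main() {
	const sample = "Mon, 08 Jul 2019 10:02:43 CDT" // value quoted in the comment above
	central := time.FixedZone("CDT", -5*60*60)     // constructed stand-in location
	for _, loc := range []*time.Location{central, time.UTC} {
		t, err := ParseLimit(sample, loc)
		fmt.Println(loc, t.Format(time.RFC3339), err)
	}
	// The same instant written with a numeric offset parses identically anywhere.
	t, err := ParseLimit("Mon, 08 Jul 2019 10:02:43 -0500", time.UTC)
	fmt.Println(t.Format(time.RFC3339), err)
}
```
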