certtools / intelmq

IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.
https://docs.intelmq.org/latest/
GNU Affero General Public License v3.0

Generic CSV parser: time conversion and time format #2105

Open MariusUrkis opened 3 years ago

MariusUrkis commented 3 years ago

When the CSV parser parses the file and an event line contains a time format like %d-%m-%Y, fuzzy time conversion fails to guess the correct time format. An example of such a feed is http://benkow.cc/export.php. Fuzzy conversion works with such date entries:

```python
>>> DateTime.convert_fuzzy('12-08-2021')
'2021-12-08T00:00:00'
```

And correct with days >12:

```python
>>> DateTime.convert_fuzzy('16-08-2021')
'2021-08-16T00:00:00'
```

Probably a better option is to use from_format:

```python
>>> DateTime.convert_from_format('12-08-2021', '%d-%m-%Y')
'2021-08-12T00:00:00+00:00'
```

ghost commented 3 years ago

The parameter time_format of the CSV Parser could be extended for this purpose.
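
The ambiguity reported in this issue, as an added example that is not part of the thread or of IntelMQ's code: using only the Python standard library, it shows why `12-08-2021` has two valid readings while `16-08-2021` has one, and picks a single format for a whole date column before converting, which is what an explicit time format setting would pin down. The sample rows, the candidate format list and every function name here are assumptions made for illustration.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample rows (not the real feed layout) using day-month-year dates.
SAMPLE_CSV = """id;date;url
1;12-08-2021;http://example.invalid/a
2;16-08-2021;http://example.invalid/b
3;03-09-2021;http://example.invalid/c
"""

# Assumed candidates: the two readings that a guessing parser can confuse.
CANDIDATES = ("%d-%m-%Y", "%m-%d-%Y")


def parse_explicit(value, fmt):
    """Parse with one fixed format and return an ISO 8601 string in UTC."""
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc).isoformat()


def interpretations(value):
    """Return {format: ISO string} for every candidate format that accepts value."""
    found = {}
    for fmt in CANDIDATES:
        try:
            found[fmt] = parse_explicit(value, fmt)
        except ValueError:
            pass  # e.g. "16" is not a valid month, so month-first is ruled out
    return found


def infer_column_format(values):
    """Return the only format valid for every value, or None if still ambiguous."""
    valid = [f for f in CANDIDATES if all(f in interpretations(v) for v in values)]
    return valid[0] if len(valid) == 1 else None


def convert_feed(text, column="date", delimiter=";"):
    """Convert one date column, refusing to guess when the format is ambiguous."""
    rows = list(csv.DictReader(io.StringIO(text), delimiter=delimiter))
    fmt = infer_column_format([r[column] for r in rows])
    if fmt is None:
        raise ValueError("date column is ambiguous; set the format explicitly")
    return fmt, [parse_explicit(r[column], fmt) for r in rows]
```

A per-value guess can flip between readings from row to row; deciding once per column, or failing loudly, keeps event timestamps consistent across the feed.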