In the AWS GuardDuty data stream, the request time interval appears to be incorrectly calculated. It looks like the httpjson configuration is not correctly handling the updatedAt time interval; during the initial spin up it repeatedly asks for intervals that are zero length when ISTM they should span from the look-back interval to now. For example ({"updatedAt":{"greaterThan":"1701140400000","lessThan":"1701140400000"}}, both at 2023-11-28T03:00:00Z):
In the AWS GuardDuty data stream, the request time interval appears to be incorrectly calculated. It looks like the httpjson configuration is not correctly handling the updatedAt time interval; during the initial spin up it repeatedly asks for intervals that are zero length when ISTM they should span from the look-back interval to now. For example (
{"updatedAt":{"greaterThan":"1701140400000","lessThan":"1701140400000"}}
, both at 2023-11-28T03:00:00Z):This appears to be due to differential time calculations in the templates and occasionally we end up with non-zero intervals.