Fixed timestamp from string extraction in 'ds_to_millis()' function. …

…In some cases Microsoft Security Graph Alerts will contain timestamps formatted with less than 3 digit values for microseconds.

DCO 1.1 Signed-off-by: [Rudi Meyer] [hello@rudimeyer.dk]

Description

Changed substring in ds_to_millis() from looking forward (:23) to looking backward (:-1), solving the issue of varying length of microsecond values (1-3 digits) in some alert timestamps

Motivation and Context

When using 'fn_microsoft_security_graph' extension with Resilient i get the following error: 2020-03-27 14:20:48,928 ERROR [microsoft_security_graph_alerts_integrations] 2020-03-27T11:57:22.29Z Not in expected timestamp format YYYY-MM-DDTHH:MM:SS.mmmZ Traceback (most recent call last): File "/home/integration/.local/lib/python3.6/site-packages/fn_microsoft_security_graph/components/microsoft_security_graph_alerts_integrations.py", line 394, in ds_to_millis dt = datetime.strptime(ts, ts_format) File "/usr/lib64/python3.6/_strptime.py", line 565, in _strptime_datetime tt, fraction = _strptime(data_string, format) File "/usr/lib64/python3.6/_strptime.py", line 365, in _strptime data_string[found.end():]) ValueError: unconverted data remains: Z

How Has This Been Tested?

I tested this in my Resilient test installation. I have updated the existing test for ds_to_millis() to reflect the new requirement.

Checklist:

[x] I have added a Signed-off-by
[x] Either no new documentation is required by this change, OR I added new documentation
[x] Either no new tests are required by this change, OR I added new tests
[] I have run pep8 and pylint. I have cleaned up all valid errors and warnings in code I have added or modified. These tools may generate false positives. Don't be worried about ignoring some errors or warnings. The goal is clean, consistent, and readable code.

Signed-off-by: Rudi Meyer hello@rudimeyer.dk

ibmresilient / resilient-community-apps