tenable / integration-jira-cloud

Incorrect time format within Security Center integrations. Possibly timezone/timing issue? #292

Closed zerokid closed 3 weeks ago

zerokid commented 1 month ago

After making the second sync call, this error is returned:

Screenshot 2024-08-13 at 12 57 38 PM

SteveMcGrath commented 1 month ago

alrighty, should be corrected now.

zerokid commented 1 month ago

It's still not working, @SteveMcGrath. I think it's because of the timezone difference.

SteveMcGrath commented 1 month ago

That's really odd, as I can't seem to replicate that. From the debug logs on 2.0.9 it appears that everything is working as expected. Timezones shouldn't matter for Unix timestamps, as they count seconds since 1/1/1970 UTC. The only thing I could think of is maybe the time is wrong on the SC host itself?

Note that in the filter I'm seeing the STARTTIME-ENDTIME format expected:

{"filterName": "lastSeen", "operator": "=", "value": "1723552747-1723742640"}

Log event (formatted for readability) from a TSC sync with --verbose:

DEBUG    DEBUG:tenable.sc.TenableSC:Request: {
    "method": "POST",
    "url": "https://sc.tenalab.online/rest/analysis",
    "params": {},
    "body": {
        "type": "vuln",
        "sourceType": "cumulative",
        "query": {
            "tool": "vulndetails",
            "type": "vuln",
            "filters": [
                {"filterName": "ip", "operator": "=", "value": "10.238.64.0-10.238.64.255"},
                {"filterName": "severity", "operator": "=", "value": "2,3,4"},
                {"filterName": "lastSeen", "operator": "=", "value": "1723552747-1723742640"}
            ],
            "startOffset": 0,
            "endOffset": 1000
        }
    }
}

zerokid commented 1 month ago

This is what I notice in my config: it will add the last run timestamp.

Screenshot 2024-08-16 at 7 02 26 AM

As I check, it actually gets the wrong Unix timestamp. I'm on GMT+8 and it's supposed to reflect +8 7AM.

Screenshot 2024-08-16 at 7 06 01 AM

This is my verbose output:

Screenshot 2024-08-16 at 7 04 07 AM

SteveMcGrath commented 1 month ago

I'm quite confused. Looking at this:

The timestamp of the last run is set here: https://github.com/tenable/integration-jira-cloud/blob/main/tenb2jira/tenable/tenable.py#L29
The timestamp of the current run is set here: https://github.com/tenable/integration-jira-cloud/blob/main/tenb2jira/tenable/tenable.py#L89
And the timestamp filter is built here: https://github.com/tenable/integration-jira-cloud/blob/main/tenb2jira/tenable/tenable.py#L102

All of these times are on the same host, so even if timezones were an issue, they should be uniformly an issue. How you are getting 1723791640 (16-8-2024 07:00:40) to 1723762981 (8-15-2024 23:03:01) in GMT on both is odd. I'll look into this further Monday morning.

SteveMcGrath commented 3 weeks ago

So I did find something that may have caused this. Spent a bit of time cleaning up all the timestamps to always use UTC regardless.

SteveMcGrath commented 3 weeks ago

Give that commit a try:

pip install https://github.com/tenable/integration-jira-cloud/archive/refs/heads/fix/timestamps.zip

SteveMcGrath commented 3 weeks ago

2.0.10 entered release with the changes
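
One way the two values quoted in the thread (1723791640 and 1723762981) can arise, shown as an added example that is not code from tenb2jira or from any participant: a local wall-clock time on a GMT+8 host stamped as if it were UTC lands 8 hours ahead, which inverts the lastSeen STARTTIME-ENDTIME window. The function names, the sample wall-clock times and the suggestion that this was the mechanism are assumptions; the thread only states that the timestamps were changed to always use UTC.

```python
from datetime import datetime, timedelta, timezone

GMT8 = timezone(timedelta(hours=8))  # assumption: the reporter's stated GMT+8 offset


def epoch_mislabelled(wall_clock: datetime) -> int:
    """Pitfall: a naive local wall-clock value stamped as if it were UTC."""
    return int(wall_clock.replace(tzinfo=timezone.utc).timestamp())


def epoch_aware(wall_clock: datetime, tz: timezone) -> int:
    """Correct: attach the real offset first, then convert to epoch seconds."""
    return int(wall_clock.replace(tzinfo=tz).timestamp())


def utc_now() -> int:
    """Offset-independent 'now', safe to persist as a last-run marker."""
    return int(datetime.now(timezone.utc).timestamp())


def last_seen_filter(start: int, end: int) -> dict:
    """Build the STARTTIME-ENDTIME filter, refusing an inverted window."""
    if start > end:
        raise ValueError(f"lastSeen start {start} is {start - end}s after end {end}")
    return {"filterName": "lastSeen", "operator": "=", "value": f"{start}-{end}"}


# Constructed input: local wall-clock times on 2024-08-16 for a GMT+8 host.
last_run_local = datetime(2024, 8, 16, 7, 0, 40)
this_run_local = datetime(2024, 8, 16, 7, 3, 1)

if __name__ == "__main__":
    bad_start = epoch_mislabelled(last_run_local)   # 1723791640
    good_start = epoch_aware(last_run_local, GMT8)  # 1723762840
    end = epoch_aware(this_run_local, GMT8)         # 1723762981
    print(last_seen_filter(good_start, end))
    try:
        last_seen_filter(bad_start, end)
    except ValueError as exc:
        print("rejected:", exc)
```

Validating the window before the query is sent turns a silently skewed sync into an explicit error on the client side.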