Hello,
I am trying to pull Stealthwatch Enterprise events for the last minute from Stealthwatch server v7.1.2.
Here is the relevant Python code:
*******************************************************************************************************************
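import json

# Query window for the security-events search (ISO 8601 UTC timestamps)
requestData = {
    "timeRange": {
        "from": startTimestamp,
        "to": endTimestamp
    }
}
url = 'https://' + smcHost + '/sw-reporting/v1/tenants/' + smcTenantId + '/security-events/queries'
# verify=False disables TLS certificate validation for this request
response = apiSession.request("POST", url, verify=False, data=json.dumps(requestData), headers=requestHeaders)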
************************************************************************************************************************
When variables are accounted for, this is the content of requestData:
{'timeRange': {'from': '2020-09-24T16:50:00Z', 'to': '2020-09-24T16:51:00Z'}}
I get back events outside the time range. For example, one of the events is from "2020-09-24T03:59:08Z".
Am I doing something incorrect in terms of time range?
Thanks
Tom