cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
721
Views
0
Helpful
1
Replies

Problem restricting time range on queries to /security-events endpoint

Hello,

 

I am trying to pull Stealthwatch Enterprise events for the last minute from Stealthwatch server v7.1.2

 

Here is the relevant Python code:

*******************************************************************************************************************

requestData = {
        "timeRange": {"from": startTimestamp,
        "to": endTimestamp
                      }
        }

 

url = 'https://' + smcHost + '/sw-reporting/v1/tenants/' + smcTenantId + '/security-events/queries'
response = apiSession.request("POST", url, verify=False, data=json.dumps(requestData), headers=requestHeaders)

************************************************************************************************************************

 

When variables are accounted for, this is the content of requestData:

{'timeRange': {'from': '2020-09-24T16:50:00Z', 'to': '2020-09-24T16:51:00Z'}}

 

I get back events outside the timerange. For example, one of the events is from "2020-09-24T03:59:08Z".

 

Am I doing something incorrect in terms of time range?

 

Thanks

Tom

1 Reply 1

From a point of reference and attribution, the code above was derived from https://github.com/CiscoDevNet/stealthwatch-enterprise-sample-scripts/blob/master/python/get_security_events.py

Thanks,
Tom