Problem restricting time range on queries to /security-events endpoint

Hello,

I am trying to pull Stealthwatch Enterprise events for the last minute from Stealthwatch server v7.1.2.

Here is the relevant Python code:

*******************************************************************************************************************

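# Excerpt: assumes json is imported and that apiSession, smcHost, smcTenantId,
# requestHeaders, startTimestamp and endTimestamp are defined earlier in the script.
requestData = {
    "timeRange": {
        "from": startTimestamp,
        "to": endTimestamp
    }
}

# Note: verify=False disables TLS certificate verification for this request.
url = 'https://' + smcHost + '/sw-reporting/v1/tenants/' + smcTenantId + '/security-events/queries'
response = apiSession.request("POST", url, verify=False, data=json.dumps(requestData), headers=requestHeaders)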

************************************************************************************************************************

 

When variables are accounted for, this is the content of requestData:

{'timeRange': {'from': '2020-09-24T16:50:00Z', 'to': '2020-09-24T16:51:00Z'}}

I get back events outside the time range. For example, one of the events is from "2020-09-24T03:59:08Z".

Am I doing something incorrect in terms of time range?

 

Thanks

Tom

1 Reply 1

From a point of reference and attribution, the code above was derived from https://github.com/CiscoDevNet/stealthwatch-enterprise-sample-scripts/blob/master/python/get_security_events.py

Thanks,
Tom
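
An added example, not part of the original posts or of the Cisco sample script: one way to build the one-minute `timeRange` shown in the question and to check returned events against it on the client, so that out-of-window records are flagged before they reach downstream detection logic. The field name `eventTime`, the helper names and the sample records are assumptions made for illustration; set `ts_field` to whatever timestamp field the API's results actually carry.

```python
from datetime import datetime, timedelta, timezone

FMT = "%Y-%m-%dT%H:%M:%SZ"  # timestamp format shown in the post's requestData


def last_minute_range(now):
    """Build the timeRange body for the last full minute before `now` (UTC)."""
    if now.tzinfo is None:
        raise ValueError("pass a timezone-aware datetime; naive values are ambiguous")
    end = now.astimezone(timezone.utc).replace(second=0, microsecond=0)
    start = end - timedelta(minutes=1)
    return {"from": start.strftime(FMT), "to": end.strftime(FMT)}


def _parse(ts):
    # The trailing Z is matched literally, then the value is marked as UTC.
    return datetime.strptime(ts, FMT).replace(tzinfo=timezone.utc)


def split_by_range(events, time_range, ts_field="eventTime"):
    """Partition events into (inside, outside) the requested window.

    ts_field is a hypothetical field name. Events with a missing or
    unparseable timestamp are placed in `outside` so they get reviewed.
    """
    start, end = _parse(time_range["from"]), _parse(time_range["to"])
    inside, outside = [], []
    for ev in events:
        try:
            ok = start <= _parse(ev[ts_field]) <= end
        except (KeyError, TypeError, ValueError):
            ok = False
        (inside if ok else outside).append(ev)
    return inside, outside


# Constructed sample records; the second timestamp is the one quoted in the post.
SAMPLE_EVENTS = [
    {"id": 1, "eventTime": "2020-09-24T16:50:30Z"},
    {"id": 2, "eventTime": "2020-09-24T03:59:08Z"},
    {"id": 3},
]

if __name__ == "__main__":
    window = last_minute_range(datetime(2020, 9, 24, 16, 51, 30, tzinfo=timezone.utc))
    kept, dropped = split_by_range(SAMPLE_EVENTS, window)
    print(window)
    print("inside:", [e["id"] for e in kept], "outside:", [e["id"] for e in dropped])
```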