CAR_2013_04_002 error

Question

CAR_2013_04_002 error

infosec-alchemist opened this issue 7 years ago · comments

This analytic caused an error:
File "/usr/share/unfetter/src/CAR_2013_04_002.py", line 129, in group_suspicous_processes
item[1]['utc_datetime'] = datetime.strptime(item[1]['utc_time'], "%Y-%m-%d %H:%M:%S.%f")
time data '2016-12-08T07:42:04Z' does not match format '%Y-%m-%d %H:%M:%S.%f'

Anne Isabelle "Anya" Macedo · Answer 1 · Wed Jun 21 2017 22:52:29 GMT+0800 (China Standard Time)

@infosec-alchemist could the filter be like this? '%Y-%m-%dT%H:%M:%SZ'
It's kinda hacky, but works.
It appears this time data complies to RFC 3339. There's an open issue on Python about that.

You can also use dateutil.parser

Just for the record, the line you are talking about is located here

Alchemist · Answer 2 · Thu Jun 22 2017 12:08:56 GMT+0800 (China Standard Time)

Oh thanks. I'll give that a shot

Anne Isabelle "Anya" Macedo · Answer 3 · Thu Jun 22 2017 19:28:03 GMT+0800 (China Standard Time)

;)

…

On Jun 22, 2017 1:08 AM, "Alchemist" ***@***.***> wrote: Oh thanks. I'll give that a shot — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#1 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AHMxFVbYKMJf29OEY1NZY8xteMisux7Wks5sGejZgaJpZM4MNOmr> .