All Apps and Add-ons

Help with Netskope Breach_date calculation

usmsplunksme
Explorer

HI,

In the "Compromised Credential" alert type there is also a field called "breach_date" but the results are not in readable format (e.g 1383436800) is someone please able to assist in calculating this field to a more readable date?

Labels (1)
0 Karma

lauruss
Observer

Hi there,

 

I know this post is old but maybe it will help someone else - I am using:

| eval breach_date=strftime(breach_date,"%d/%m/%y") 

 

 

0 Karma

Shan
Builder

Dear @usmsplunksme,

Try below option. Copy and run the code in search head, you will get the solution.
You can use eval command line in your query.

| makeresults
| eval StartTime=strftime("1383436800","%Y/%m/%d %H:%M:%S")
| table StartTime

Thanks ..

0 Karma

usmsplunksme
Explorer

Thanks for the answere that seemed to convert the string to a date and time format. but when i try and convert all entries in the extracted field it fails. my query is:

Search query | eval StartTime=strftime("extracted_field","%Y/%m/%d %H:%M:%S") | table StartTime

0 Karma

Shan
Builder

@usmsplunksme,

Can i see the extracted_field values.
what is the Error your getting, while running the query..

Thanks ..

0 Karma

usmsplunksme
Explorer

HI Shankaranath,

extracted values are:

1325376000

1338508800

1370908800

1439856000
1447286400

1447718400

1448928000

1456185600

1457049600

1457222400

1457654400

1458604800

1460073600

1464739200

1468713600

1470009600

1473206400

1475020800

1475366400

These are supposedly a date.

Thanks for the assistance

0 Karma
Get Updates on the Splunk Community!

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...

Observability Highlights | January 2023 Newsletter

 January 2023New Product Releases Splunk Network Explorer for Infrastructure MonitoringSplunk unveils Network ...