stream consumption improvements

OpenCTI-Platform · Jul 25, 2024 · 979419e · 979419e
1 parent a600a3c
commit 979419e
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -81,10 +81,10 @@ Proceed as follows to enable the ingestion of indicators:
 | Parameter       | Description                                                                                                    |
 |-----------------|----------------------------------------------------------------------------------------------------------------|
 | `Name`          | Unique name for the input being configured                                                                     |
-| `Interval`      | Time interval of input in seconds. Leave as default (0) to allow continuous execution of the ingestion process. |
+| `Interval`      | Time interval of input in seconds. Leave as default (0) to allow continuous execution of the ingestion process |
 | `Index`         | The index that the data will be stored in (default)                                                            |
 | `Stream Id`     | The Live Stream ID of the OpenCTI stream to consume                                                            |
-| `Import from`   | The number of days to go back for the initial data collection (default: 30) (optional)                                      |
+| `Import from`   | The number of days to go back for the initial data collection (default: 30) (optional)                         |
 
 4. Once the Input parameters have been correctly configured click "Add".
 

diff --git a/TA-opencti-add-on/bin/input_module_opencti_indicators.py b/TA-opencti-add-on/bin/input_module_opencti_indicators.py
@@ -276,9 +276,10 @@ def collect_events(helper, ew):
     if state is None:
         helper.log_info("No state, going to initialize it")
         import_from = helper.get_arg('import_from')
-        start_date = datetime.utcnow().replace(microsecond=0) - timedelta(days=int(import_from))
-        start_date_timestamp = int(datetime.timestamp(start_date))
-        state = {"start_from": str(start_date_timestamp)}
+        recover_until =  datetime.utcnow().strftime("%Y-%m-%dT%H:%M:%SZ")
+        start_date = datetime.utcnow() - timedelta(days=int(import_from))
+        start_date_timestamp = int(datetime.timestamp(start_date)) * 1000
+        state = {"start_from": str(start_date_timestamp)+"-0", "recover_until": recover_until}
         helper.log_info(f"Initialized state: {state}")
     else:
         state = json.loads(state)