From 979419ec69f4a786642ca3411672d243852c7448 Mon Sep 17 00:00:00 2001
From: Romain Guignard
Date: Thu, 25 Jul 2024 18:18:29 +0200
Subject: [PATCH] stream consumption improvements
---
 README.md | 4 ++--
 TA-opencti-add-on/bin/input_module_opencti_indicators.py | 7 ++++---
 2 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/README.md b/README.md
index 43c4aa5..72f455e 100644
--- a/README.md
+++ b/README.md
@@ -81,10 +81,10 @@ Proceed as follows to enable the ingestion of indicators:
 | Parameter | Description |
 |-----------------|----------------------------------------------------------------------------------------------------------------|
 | `Name` | Unique name for the input being configured |
-| `Interval` | Time interval of input in seconds. Leave as default (0) to allow continuous execution of the ingestion process. |
+| `Interval` | Time interval of input in seconds. Leave as default (0) to allow continuous execution of the ingestion process |
 | `Index` | The index that the data will be stored in (default) |
 | `Stream Id` | The Live Stream ID of the OpenCTI stream to consume |
-| `Import from` | The number of days to go back for the initial data collection (default: 30) (optional) |
+| `Import from` | The number of days to go back for the initial data collection (default: 30) (optional) |
 4. Once the Input parameters have been correctly configured click "Add".
diff --git a/TA-opencti-add-on/bin/input_module_opencti_indicators.py b/TA-opencti-add-on/bin/input_module_opencti_indicators.py
index 45ba7f1..af4ae9f 100644
--- a/TA-opencti-add-on/bin/input_module_opencti_indicators.py
+++ b/TA-opencti-add-on/bin/input_module_opencti_indicators.py
@@ -276,9 +276,10 @@ def collect_events(helper, ew):
 if state is None:
 helper.log_info("No state, going to initialize it")
 import_from = helper.get_arg('import_from')
- start_date = datetime.utcnow().replace(microsecond=0) - timedelta(days=int(import_from))
- start_date_timestamp = int(datetime.timestamp(start_date))
- state = {"start_from": str(start_date_timestamp)}
+ recover_until = datetime.utcnow().strftime("%Y-%m-%dT%H:%M:%SZ")
+ start_date = datetime.utcnow() - timedelta(days=int(import_from))
+ start_date_timestamp = int(datetime.timestamp(start_date)) * 1000
+ state = {"start_from": str(start_date_timestamp)+"-0", "recover_until": recover_until}
 helper.log_info(f"Initialized state: {state}")
 else:
 state = json.loads(state)
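Review bot: `datetime.utcnow()` returns a naive datetime and `datetime.timestamp(start_date)` interprets a naive value as local time, so on a host whose timezone is not UTC the `start_from` offset is shifted by the UTC offset, while `recover_until` is formatted as true UTC. On a host west of UTC the initial window would start later than `import_from` days ago, which would leave indicators from that gap un-ingested. Taking one aware timestamp and deriving both values from it avoids this: `now = datetime.now(timezone.utc)`, then `recover_until = now.strftime("%Y-%m-%dT%H:%M:%SZ")` and `start_date = now - timedelta(days=int(import_from))`; this needs `timezone` imported from `datetime`, and the import lines are outside the hunk. `int(import_from)` is also unguarded although the README marks the field optional, so an empty value would presumably raise before any state is saved. `collect_events` starts and ends outside this hunk.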