Fix parsing logic cisco catalyst (#32227)

* improved parsing rules logic. * Added release note.
demisto · Jan 16, 2024 · 1d7e6f2 · 1d7e6f2
1 parent d647265
commit 1d7e6f2
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 2 deletions.
diff --git a/Packs/CiscoCatalyst/ParsingRules/CiscoCatalyst/CiscoCatalyst.xif b/Packs/CiscoCatalyst/ParsingRules/CiscoCatalyst/CiscoCatalyst.xif
@@ -11,7 +11,7 @@ filter _raw_log ~= "[A-Za-z]+\s+\d+\s+\d{4}\s+\d+\:\d+\:\d+\sUTC" or _raw_log ~=
         tmp_time_format2 = if(tmp_time_without_year != null and tmp_time_without_year != "", concat(tmp_year, " ", tmp_time_without_year), null)
 | alter
     tmp_time1_1 = parse_timestamp("%Y %b %e %H:%M:%E*S", tmp_time_format2 )
-| alter tmp_timeDiff = timestamp_diff(tmp_time1_1, current_time(), "DAY")
+| alter tmp_timeDiff = timestamp_diff(tmp_time1_1, current_time(), "MILLISECOND")
 // Check if the date is a future date
 | alter tmp_year2 = if(tmp_timeDiff > 0, to_string(subtract(to_integer(tmp_year),1)),null)
 // Create timestamp minus 1 year if the timestamp is a future one

diff --git a/Packs/CiscoCatalyst/ReleaseNotes/1_0_5.md b/Packs/CiscoCatalyst/ReleaseNotes/1_0_5.md
@@ -0,0 +1,3 @@
+#### Parsing Rules
+##### CiscoCatalyst Parsing Rule
+Improved implementation of parsing rule.
diff --git a/Packs/CiscoCatalyst/pack_metadata.json b/Packs/CiscoCatalyst/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "Cisco Catalyst",
     "description": "Cisco Catalyst switch",
     "support": "xsoar",
-    "currentVersion": "1.0.4",
+    "currentVersion": "1.0.5",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",