Cisco integrations - fix format_timestamp method (#26140)

* fix format_timestamp method

* remove format_last_run, format_quarantine_timestamp
fix format_timestamp

* remove format_last_run, format_quarantine_timestamp
fix format_timestamp

* update docker
update RN

* Bump pack from version IronPort to 2.0.6.

* Bump pack from version CiscoSMA to 1.1.11.

---------

Co-authored-by: Content Bot <bot@demisto.com>

Packs/CiscoSMA/Integrations/CiscoSMA/CiscoSMA.py

@@ -655,45 +655,24 @@ def format_reporting_datetime(time_expression: str) -> str:
     return arg_to_datetime(time_expression).strftime(CISCO_REPORTING_TIME_FORMAT)  # type: ignore
 
 
-def format_timestamp(timestamp: str) -> str:
+def format_timestamp(timestamp: str, output_format: str = DATETIME_FORMAT) -> str:
     """
     Format Cisco SMA timestamp to datetime string.
 
     Args:
         timestamp (str): Cisco SMA timestamp.
+        output_format (str): The format of the return date.
 
     Returns:
         str: Datetime formatted string.
     """
-    return datetime.strptime(timestamp, TIMESTAMP_FORMAT).strftime(DATETIME_FORMAT)
 
-
-def format_quarantine_timestamp(timestamp: str) -> str:
-    """
-    Format Cisco SMA Quarantine timestamp to datetime string.
-
-    Args:
-        timestamp (str): Cisco SMA quarantine timestamp.
-
-    Returns:
-        str: Datetime formatted string.
-    """
-    return datetime.strptime(timestamp, QUARANTINE_TIMESTAMP_FORMAT).strftime(
-        DATETIME_FORMAT
-    )
-
-
-def format_last_run(last_run: str) -> str:
-    """
-    Format fetch incidents last run to Cisco SMA datetime format.
-
-    Args:
-        last_run (str): Fetch incidents last run.
-
-    Returns:
-        str: Datetime formatted string.
-    """
-    return datetime.strptime(last_run, DATETIME_FORMAT).strftime(CISCO_TIME_FORMAT)
+    try:
+        datetime_res = arg_to_datetime(timestamp)
+    except ValueError:
+        timestamp = timestamp.replace('GMT ', 'GMT')
+        datetime_res = arg_to_datetime(timestamp)
+    return datetime_res.strftime(output_format)  # type: ignore
 
 
 def format_number_list_argument(number_list_string: str) -> List[int]:
@@ -1760,7 +1739,7 @@ def fetch_incidents(
     """
     start_time = last_run.get("start_time")
     start_date = (
-        format_last_run(start_time) if start_time else format_datetime(first_fetch)
+        format_timestamp(start_time, output_format=CISCO_TIME_FORMAT) if start_time else format_datetime(first_fetch)
     )
     end_date = format_datetime("now")
     quarantine_type = QUARANTINE_TYPE
@@ -1788,8 +1767,8 @@ def fetch_incidents(
     incidents: List[Dict[str, Any]] = []
     last_minute_incident_ids = last_run.get("last_minute_incident_ids", [])
     for incident in quarantine_messages:
-        incident_datetime = format_quarantine_timestamp(
-            dict_safe_get(incident, ["attributes", "date"])
+        incident_datetime = format_timestamp(
+            dict_safe_get(incident, ["attributes", "date"]),
         )
         message_id = incident.get("mid")
         if (

Packs/CiscoSMA/Integrations/CiscoSMA/CiscoSMA_test.py

@@ -825,3 +825,44 @@ def test_format_custom_query_args(custom_query_argument, expected_result):
     result = format_custom_query_args(custom_query_argument)
 
     assert result == expected_result
+
+
+@pytest.mark.parametrize(
+    "timestamp,output_format,expected_result",
+    [
+        (
+            "07 Sep 2022 09:08:03 (GMT)",
+            "%Y-%m-%dT%H:%M:%SZ",
+            "2022-09-07T09:08:03Z"
+        ),
+        (
+            "24 Apr 2023 10:14:50 (GMT -05:00)",
+            "%Y-%m-%dT%H:%M:00.000Z",
+            "2023-04-24T15:14:00.000Z"
+        ),
+        (
+            "24 Apr 2023 10:14:50 (GMT-06:00)",
+            "%Y-%m-%dT%H:%M:%SZ",
+            "2023-04-24T16:14:50Z"
+        ),
+        (
+            "24 Apr 2023 10:14:50 (GMT +01:00)",
+            "%Y-%m-%dT%H:%M:%SZ",
+            "2023-04-24T09:14:50Z"
+        )
+    ],
+)
+def test_format_timestamp(timestamp, output_format, expected_result):
+    """
+    Given:
+     - timestamps strings.
+    When:
+     - format_timestamp function called.
+    Then:
+     - Ensure result is correct.
+    """
+    from CiscoSMA import format_timestamp
+
+    result = format_timestamp(timestamp, output_format)
+
+    assert result == expected_result

Packs/CiscoSMA/ReleaseNotes/1_1_11.md

@@ -0,0 +1,4 @@
+#### Integrations
+##### Cisco Security Management Appliance
+- Fixed an issue where dates received from Cisco is not in UTC timezone.
+- Updated the Docker image to: *demisto/python3:3.10.11.56082*.

Packs/CiscoSMA/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "CiscoSMA",
     "description": "The Security Management Appliance (SMA) is used to centralize services from Email Security Appliances (ESAs) and Web Security Appliances (WSAs).",
     "support": "xsoar",
-    "currentVersion": "1.1.10",
+    "currentVersion": "1.1.11",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",
@@ -23,4 +23,4 @@
         "xsoar",
         "marketplacev2"
     ]
-}
+}

Packs/IronPort/Integrations/CiscoEmailSecurityApplianceIronPortV2/CiscoEmailSecurityApplianceIronPortV2.py

@@ -644,45 +644,23 @@ def format_reporting_datetime(time_expression: str) -> str:
     return arg_to_datetime(time_expression).strftime(CISCO_REPORTING_TIME_FORMAT)  # type: ignore
 
 
-def format_timestamp(timestamp: str) -> str:
+def format_timestamp(timestamp: str, output_format: str = DATETIME_FORMAT) -> str:
     """
     Format Cisco ESA timestamp to datetime string.
 
     Args:
         timestamp (str): Cisco ESA timestamp.
+        output_format (str): The format of the return date.
 
     Returns:
         str: Datetime formatted string.
     """
-    return datetime.strptime(timestamp, TIMESTAMP_FORMAT).strftime(DATETIME_FORMAT)
-
-
-def format_quarantine_timestamp(timestamp: str) -> str:
-    """
-    Format Cisco ESA Quarantine timestamp to datetime string.
-
-    Args:
-        timestamp (str): Cisco ESA quarantine timestamp.
-
-    Returns:
-        str: Datetime formatted string.
-    """
-    return datetime.strptime(timestamp, QUARANTINE_TIMESTAMP_FORMAT).strftime(
-        DATETIME_FORMAT
-    )
-
-
-def format_last_run(last_run: str) -> str:
-    """
-    Format fetch incidents last run to Cisco ESA datetime format.
-
-    Args:
-        last_run (str): Fetch incidents last run.
-
-    Returns:
-        str: Datetime formatted string.
-    """
-    return datetime.strptime(last_run, DATETIME_FORMAT).strftime(CISCO_TIME_FORMAT)
+    try:
+        datetime_res = arg_to_datetime(timestamp)
+    except ValueError:
+        timestamp = timestamp.replace('GMT ', 'GMT')
+        datetime_res = arg_to_datetime(timestamp)
+    return datetime_res.strftime(output_format)  # type: ignore
 
 
 def format_number_list_argument(number_list_string: str) -> List[int]:
@@ -1742,7 +1720,8 @@ def fetch_incidents(
     """
     start_time = last_run.get("start_time")
     start_date = (
-        format_last_run(start_time) if start_time else format_datetime(first_fetch)
+        format_timestamp(start_time, output_format=CISCO_TIME_FORMAT) if start_time
+        else format_datetime(first_fetch)
     )
     end_date = format_datetime("now")
     quarantine_type = QUARANTINE_TYPE
@@ -1768,7 +1747,7 @@ def fetch_incidents(
     incidents: List[Dict[str, Any]] = []
     last_minute_incident_ids = last_run.get("last_minute_incident_ids", [])
     for incident in quarantine_messages:
-        incident_datetime = format_quarantine_timestamp(
+        incident_datetime = format_timestamp(
             dict_safe_get(incident, ["attributes", "date"])
         )
         message_id = incident.get("mid")

Packs/IronPort/Integrations/CiscoEmailSecurityApplianceIronPortV2/CiscoEmailSecurityApplianceIronPortV2_test.py

@@ -835,3 +835,44 @@ def test_format_custom_query_args(
     result = format_custom_query_args(custom_query_argument)
 
     assert result == expected_result
+
+
+@pytest.mark.parametrize(
+    "timestamp,output_format,expected_result",
+    [
+        (
+            "07 Sep 2022 09:08:03 (GMT)",
+            "%Y-%m-%dT%H:%M:%SZ",
+            "2022-09-07T09:08:03Z"
+        ),
+        (
+            "24 Apr 2023 10:14:50 (GMT -05:00)",
+            "%Y-%m-%dT%H:%M:00.000Z",
+            "2023-04-24T15:14:00.000Z"
+        ),
+        (
+            "24 Apr 2023 10:14:50 (GMT-06:00)",
+            "%Y-%m-%dT%H:%M:%SZ",
+            "2023-04-24T16:14:50Z"
+        ),
+        (
+            "24 Apr 2023 10:14:50 (GMT +01:00)",
+            "%Y-%m-%dT%H:%M:%SZ",
+            "2023-04-24T09:14:50Z"
+        )
+    ],
+)
+def test_format_timestamp(timestamp, output_format, expected_result):
+    """
+    Given:
+     - timestamps strings.
+    When:
+     - format_timestamp function called.
+    Then:
+     - Ensure result is correct.
+    """
+    from CiscoEmailSecurityApplianceIronPortV2 import format_timestamp
+
+    result = format_timestamp(timestamp, output_format)
+
+    assert result == expected_result

Packs/IronPort/ReleaseNotes/2_0_6.md

@@ -0,0 +1,4 @@
+#### Integrations
+##### Cisco ESA
+- Fixed an issue where dates received from Cisco is not in UTC timezone.
+- Updated the Docker image to: *demisto/python3:3.10.11.56082*.

Packs/IronPort/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "Cisco Email Security Appliance (IronPort)",
     "description": "Cisco Email Security protects against ransomware, business email compromise, spoofing, and phishing",
     "support": "xsoar",
-    "currentVersion": "2.0.5",
+    "currentVersion": "2.0.6",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",