Using the 'lastSeen' Filter on Tenable.sc Analysis

[hchb2000]

I can't seem to find the right way to filter for vulnerabilities 31 days +. I have tried different approaches and this is the 'closer' one:

('lastSeen', '=', str(end_day) + ':' + str(start_day)

Which generates error:

"error_code":146,"error_msg":"End day must be later (i.e. less than) than start day. Filter 'lastSeen' must be in the following format: :

The values I am using for those variables are:

end_day = 1625716800
start_day = 647409600

The way I am obtaining those timestamps is by doing something like this:

def get_timestamp(year, month, day):
dt = datetime(year=year, month=month, day=day)
return int(dt.timestamp())

end_day = get_timestamp(2021,7,8)

start_day = get_timestamp(1990,7,8)

I have tried with regular date format instead of timestamps, I tried using () or <> for each value, but still nothing. If anyone has done it and can help me, I would very much appreciate it!!!

[SteveMcGrath]

I would instead recommend using the same approach that the UI uses, which is based on the number of calendar days from today. To get everything OLDER than 30 days, you would do the following:

filter = ('lastSeen', '=', '30:all')

If you wanted to use unit timestamps, you will need to use the - param instead like so:

import arrow

now = arrow.now()

# Now-30d ago in TS format
filter = ('lastSeen', '=', f'{now.timestamp()}-{now.shift(days=-30).timestamp()}')

[hchb2000]

Thank you sir, you nailed it! I ended up using the first option:

filter = ('lastSeen', '=', '30:all')

it worked flawlessly!

Thanks again,