Fix feed unit42 intel object (demisto#24636)

* Added validation for the create time in publication

* Added UT

* updated release notes

* Updated docker image

* Update Packs/Unit42Intel/ReleaseNotes/1_0_5.md

* Updated docker image

Packs/Unit42Intel/Integrations/FeedUnit42IntelObjects/FeedUnit42IntelObjects.py

@@ -11,7 +11,7 @@
 ''' CONSTANTS '''
 
 DATE_FORMAT = '%Y-%m-%dT%H:%M:%SZ'  # ISO8601 format with UTC, default in XSOAR
-
+DEFAULT_YEAR = datetime(1970, 1, 1)
 AF_TAGS_DATE_FORMAT = '%Y-%m-%d %H:%M:%S'
 
 TAG_CLASS_TO_DEMISTO_TYPE = {
@@ -286,6 +286,19 @@ def get_tag_groups_names(tag_groups: list) -> list:
     return results
 
 
+def validate_created_time_from_refs(created_time: str) -> str:
+    """
+    Validate that created_time is a valid date time and convert it to server timestamp format.
+    Args:
+        created_time: The publication created time.
+    Returns:
+        Formatted timestamp publication object.
+    """
+    if parsed_date_time := dateparser.parse(created_time, settings={'RELATIVE_BASE': DEFAULT_YEAR}):
+        return datetime.strftime(parsed_date_time, DATE_FORMAT)
+    return ''
+
+
 def create_publications(refs: list) -> list:
     """
     Creates the publications list of the indicator
@@ -300,7 +313,7 @@ def create_publications(refs: list) -> list:
         for ref in refs:
             url = ref.get('url', '')
             source = ref.get('source', '')
-            time_stamp = ref.get('created', '')
+            time_stamp = validate_created_time_from_refs(ref.get('created', ''))
             title = ref.get('title', '')
             publications.append({'link': url, 'title': title, 'source': source, 'timestamp': time_stamp})
     return publications

Packs/Unit42Intel/Integrations/FeedUnit42IntelObjects/FeedUnit42IntelObjects.yml

@@ -120,7 +120,7 @@ script:
     description: Gets indicators from the feed.
     execution: false
     name: unit42intel-objects-feed-get-indicators
-  dockerimage: demisto/python3:3.10.5.31797
+  dockerimage: demisto/python3:3.10.10.48392
   feed: true
   isfetch: false
   longRunning: false

Packs/Unit42Intel/Integrations/FeedUnit42IntelObjects/FeedUnit42IntelObjects_test.py

@@ -1,6 +1,8 @@
 import io
 import json
 
+import pytest
+
 from FeedUnit42IntelObjects import (Client, fetch_indicators_command,
                                     incremental_level_fetch)
 
@@ -61,3 +63,25 @@ def test_user_secrets():
     client = Client(api_key='%%This_is_API_key%%', base_url='url', verify=False, proxy=False)
     res = LOG(client.headers)
     assert "%%This_is_API_key%%" not in res
+
+
+def test_validate_created_time_from_refs():
+    from FeedUnit42IntelObjects import validate_created_time_from_refs
+    tags = util_load_json('test_data/build_iterator_results.json')
+    for tag in tags:
+        refs = json.loads(tag.get("tag", {}).get("refs", ''))[0]
+        created = refs.get("created", '')
+        res = validate_created_time_from_refs(created)
+        assert res == f'{created}Z'
+
+
+@pytest.mark.parametrize('created, expected_result', [
+    ('2016--08-10T14:27:05', '2016-08-10T14:27:05Z'),
+    ('2016', '2016-01-01T00:00:00Z'),
+    ('1-1', '1970-01-01T00:00:00Z'),
+    ('Test wrong format', '')
+])
+def test_validate_created_time_from_refs_incorrect_format(created, expected_result):
+    from FeedUnit42IntelObjects import validate_created_time_from_refs
+    res = validate_created_time_from_refs(created)
+    assert res == expected_result

Packs/Unit42Intel/Integrations/FeedUnit42IntelObjects/test_data/fetch_indicators_results.json

@@ -14,7 +14,7 @@
       "link": "http://www.example.com",
       "title": "some title",
       "source": "some source",
-      "timestamp": "2016-08-10T14:27:05"
+      "timestamp": "2016-08-10T14:27:05Z"
     }]
   }
 }

Packs/Unit42Intel/ReleaseNotes/1_0_5.md

@@ -0,0 +1,6 @@
+
+#### Integrations
+##### Unit 42 Intel Objects Feed
+- Updated the Docker image to: *demisto/python3:3.10.10.48392*.
+
+Fixed an issue where the ***fetch-indicators*** command parses the publication created field incorrectly.

Packs/Unit42Intel/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "Unit 42 Intel",
     "description": "Use the Unit 42 Intel pack to enrich your Threat Intel Library with Palo Alto Networks threat intelligence.",
     "support": "xsoar",
-    "currentVersion": "1.0.4",
+    "currentVersion": "1.0.5",
     "author": "Cortex XSOAR",
     "serverMinVersion": "6.5.0",
     "url": "https://www.paloaltonetworks.com/cortex",