Help
FortiSOAR Discussions
dspille
Staff
Staff

Created on ‎10-07-2022 08:59 AM Edited on ‎10-07-2022 09:12 AM

Time in FortiSOAR - Arrow Jinja expressions

FortiSOAR uses the python arrow library to assist with dynamically rendering time. Common uses are setting the current time to be used in a field, shifting time backwards for data ingestion, or to be used in API's (The joy of working with different api's is they like to be picky about which time format to use in parameters).  I'm building this little guide on time to help others navigate all of the different possibilities that can be used in FortiSOAR.

 

Common arrow expressions

Setting the current time in epoch integer format (Datetime fields for SOAR modules expect an integer)

 (this will use the system time)

{{arrow.get().int_timestamp}} 
Output -> 1665155811

 

Setting the current time for a specific timezone. 

{{arrow.get(tzinfo = 'US/Central')}}
Output -> 2022-10-07T10:17:36.285134-05:00

 

Rewinding time to 10 minutes ago using the shift method

{{arrow.get().shift(minutes = -10)}}
Output -> 2022-10-07T15:13:51.506450+00:00

 

Now lets get a little crazy by using two methods back to back!

 

Shift time back 1 day, and reformat the output to something a bit friendlier

{{arrow.get().shift(days=-1).format("YYYY-MM-DD HH:mm:ss")}}
Output -> 2022-10-06 15:22:09

 

Arrow also support using strf time formats

Set time by using the current UTC time, and format using strf string

{{arrow.utcnow().strftime('%d-%m-%Y %H:%M:%S')}}
Output -> 07-10-2022 15:43:04

 

Less common but nifty uses

Display the month and last day of the current week (weekday is 0-6 integer based)

{{arrow.get().shift(weekday =6).format("M/D")}}
Output -> 10/9

 

Display time 1 year and 1 month in the future

{{arrow.get().shift(years= +1,months=+1).format("MM/DD/YYYY")}}
Output -> 11/07/2023

 

Two different ways to display time for the very beginning of last month

{% set generation_time = arrow.get(tzinfo ="US/Mountain").shift(months=-1).replace(day=1, hour=0,minute=0, second =0).format("YYYY-MM-DD HH:mm:ss")%}{{generation_time }}
 OR
{% set generation_time = arrow.get(tzinfo ="US/Mountain").shift(months=-1).floor('month').format("YYYY-MM-DD HH:mm:ss")%}{{generation_time }}
Output -> 2022-09-01 00:00:00

 

Feel free to test any of these expressions out in the super handy jinja editor (found in the playbook editor under Tools > Jinja Editor)

dspille_0-1665155690742.png

https://docs.fortinet.com/document/fortisoar/7.2.0/playbooks-guide/488685/dynamic-values#Jinja_Edito...

 

I've worked with SOAR for almost a year and a half now and I've got quite a bit of random jinja expressions saved up. Please comment below if there are any questions, or what other Jinja topic's would be good to give a break down on in the future.

 

Full documentation on arrow is here - https://arrow.readthedocs.io/en/latest/

FortiSOAR 

Dylan Spille
Labels:
1951
2 REPLIES 2
MuratCAN
New Contributor

Created on ‎02-24-2023 12:10 PM

Thanks.

1705
0 Kudos
MDemian
Staff
Staff

Created on ‎02-28-2023 07:23 AM

That is really helpful, Thanks a lot @dspille 

1677
0 Kudos
Announcements

Welcome to your new FortiSOAR Community!

View More

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.