in elkserver/docker/redelk-base/redelkinstalldata/scripts/modules/enrich_tor/module.py [0:0]
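def get_last_sync(self):
    """Return the timestamp of the most recent Tor iplist document.

    Searches the ``redelk-*`` indices for the newest document whose
    ``iplist.name`` is ``tor`` and parses its ``@timestamp`` field.

    Returns:
        A naive ``datetime.datetime`` parsed from the newest hit, or
        ``datetime.datetime.fromtimestamp(0)`` when there is no hit or
        the stored timestamp is missing or not in the expected format.
    """
    # Sentinel for "never synced": older than any real sync timestamp.
    epoch = datetime.datetime.fromtimestamp(0)

    es_query = {
        "size": 1,
        "sort": [{"@timestamp": {"order": "desc"}}],
        "query": {"bool": {"filter": [{"term": {"iplist.name": "tor"}}]}},
    }
    es_results = raw_search(es_query, index="redelk-*")
    self.logger.debug(es_results)

    # No response or no matching document: report the epoch sentinel.
    if not es_results or len(es_results["hits"]["hits"]) == 0:
        return epoch

    newest_hit = es_results["hits"]["hits"][0]
    dt_str = get_value("_source.@timestamp", newest_hit)
    try:
        return datetime.datetime.strptime(dt_str, "%Y-%m-%dT%H:%M:%S.%f")
    except (TypeError, ValueError) as err:
        # A missing value (TypeError) or a timestamp that does not match the
        # expected layout (ValueError) must not abort the enrichment run.
        # Treat it as "never synced" and log it so the mismatch is visible.
        # NOTE(review): presumably the caller refreshes the Tor list when it
        # sees the epoch; confirm against the caller.
        self.logger.warning(
            "Could not parse last tor sync timestamp %r: %s", dt_str, err
        )
        return epoch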