MISP: align Report created/published timestamps with event publication time by Copilot · Pull Request #6489 · OpenCTI-Platform/connectors

Copilot · 2026-05-21T21:36:59Z

MISP-ingested reports could show an OpenCTI "original creation date" earlier than the source report publication. This came from deriving report creation metadata from Event.date instead of the actual publication timestamp.

Timestamp source correction (Report metadata)
- Updated EventConverter.create_report() to prefer Event.publish_timestamp for Report.created and Report.published when available (> 0).
- This aligns OpenCTI report creation metadata with MISP event publication time.
Safe fallback behavior
- When publish_timestamp is missing/zero, fallback remains Event.date.
- Fallback now handles both naive and timezone-aware ISO dates without losing timezone semantics.
Regression coverage
- Added focused tests for:
  - publish-timestamp-first behavior
  - fallback-to-date behavior
  - preserving modified from Event.timestamp

if event.Event.publish_timestamp and int(event.Event.publish_timestamp) > 0:
    created_at = datetime.fromtimestamp(int(event.Event.publish_timestamp), tz=timezone.utc)
else:
    event_date = datetime.fromisoformat(event.Event.date)
    created_at = (
        event_date.astimezone(tz=timezone.utc)
        if event_date.tzinfo
        else event_date.replace(tzinfo=timezone.utc)
    )

Agent-Logs-Url: https://github.com/OpenCTI-Platform/connectors/sessions/26ab866a-f6a4-4dc3-99fc-cac2982ed6dc Co-authored-by: SamuelHassine <1334279+SamuelHassine@users.noreply.github.com>

Initial plan

cdc1c94

Copilot AI assigned Copilot and SamuelHassine May 21, 2026

Copilot started work on behalf of SamuelHassine May 21, 2026 21:56 View session

Copilot AI linked an issue May 21, 2026 that may be closed by this pull request

Timestamp issue #4803

Open

Copilot AI and others added 2 commits May 21, 2026 22:01

fix(misp): use publish timestamp for report creation dates

1f9ae6d

Agent-Logs-Url: https://github.com/OpenCTI-Platform/connectors/sessions/26ab866a-f6a4-4dc3-99fc-cac2982ed6dc Co-authored-by: SamuelHassine <1334279+SamuelHassine@users.noreply.github.com>

fix(misp): preserve timezone-aware event date fallback

f11b031

Agent-Logs-Url: https://github.com/OpenCTI-Platform/connectors/sessions/26ab866a-f6a4-4dc3-99fc-cac2982ed6dc Co-authored-by: SamuelHassine <1334279+SamuelHassine@users.noreply.github.com>

Copilot AI changed the title ~~[WIP] Fix timestamp issue with MISP connector~~ MISP: align Report created/published timestamps with event publication time May 21, 2026

Copilot AI requested a review from SamuelHassine May 21, 2026 22:03

Copilot finished work on behalf of SamuelHassine May 21, 2026 22:03

SamuelHassine closed this May 22, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

MISP: align Report created/published timestamps with event publication time#6489

MISP: align Report created/published timestamps with event publication time#6489
Copilot wants to merge 3 commits into
masterfrom
copilot/fix-timestamp-issue

Copilot AI commented May 21, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

Copilot AI commented May 21, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Copilot AI commented May 21, 2026 •

edited

Loading