From b42b5f6bd9ed83bf66e6bd51e1b58b54e6d9c119 Mon Sep 17 00:00:00 2001
From: Marcus Bakker
Date: Mon, 10 Feb 2020 15:10:04 +0100
Subject: [PATCH 1/2] removed an unnecessary line of code
---
 health.py | 1 -
 1 file changed, 1 deletion(-)
diff --git a/health.py b/health.py
index 312451c..21adcdc 100644
--- a/health.py
+++ b/health.py
@@ -137,7 +137,6 @@ def check_health_data_sources(filename, ds_content, health_is_called, no_print=F
 except AttributeError:
 has_error = _print_error_msg('[!] Data source: \'' + ds['data_source_name'] + '\' has an INVALID data format for the key-value pair \'' + key + '\': ' + ds[key] + ' (should be YYYY-MM-DD without quotes)', health_is_called)
- print(type(ds[key]))
 if 'available_for_data_analytics' in ds:
 if not isinstance(ds['available_for_data_analytics'], bool):
From dae670a364648cf780bef65ee6b076590a2664de Mon Sep 17 00:00:00 2001
From: Marcus Bakker
Date: Mon, 10 Feb 2020 21:57:35 +0100
Subject: [PATCH 2/2] Made the date kv-pairs compatible with the YAML GUI
---
 eql_yaml.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/eql_yaml.py b/eql_yaml.py
index 318cef0..3ed5e73 100644
--- a/eql_yaml.py
+++ b/eql_yaml.py
@@ -152,8 +152,10 @@ def _events_to_yaml(query_results, obj_type):
 try:
 for r in query_results:
 if r['date_registered'] and isinstance(r['date_registered'], str):
+ r['date_registered'] = REGEX_YAML_VALID_DATE.match(r['date_registered']).group(1)
 r['date_registered'] = datetime.datetime.strptime(r['date_registered'], '%Y-%m-%d')
 if r['date_connected'] and isinstance(r['date_connected'], str):
+ r['date_connected'] = REGEX_YAML_VALID_DATE.match(r['date_connected']).group(1)
 r['date_connected'] = datetime.datetime.strptime(r['date_connected'], '%Y-%m-%d')
 except KeyError:
 print(EQL_INVALID_RESULT_DS)
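Review bot: The two added `REGEX_YAML_VALID_DATE.match(...).group(1)` calls in the `for r in query_results` loop are unguarded, so a `date_registered` or `date_connected` string that does not match the pattern makes `match()` return `None` and raises `AttributeError`, which the visible `except KeyError` does not catch. These values are read from a YAML file that is presumably edited by users, so a malformed date should be handled instead of ending the conversion with a traceback. Bind the match first, e.g. `m = REGEX_YAML_VALID_DATE.match(r['date_registered'])` followed by `if m: r['date_registered'] = datetime.datetime.strptime(m.group(1), '%Y-%m-%d')`, and do the same for `date_connected`; the later hunk in this file already checks the match before using it. `_events_to_yaml` starts and ends outside this hunk, so what happens after `print(EQL_INVALID_RESULT_DS)` is not visible here.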
@@ -199,7 +201,8 @@ def _events_to_yaml(query_results, obj_type):
 for k, v in score_logbook_event.items():
 value = v
 if isinstance(v, str) and REGEX_YAML_VALID_DATE.match(value):
- value = datetime.datetime.strptime(v, '%Y-%m-%d')
+ value = REGEX_YAML_VALID_DATE.match(v).group(1)
+ value = datetime.datetime.strptime(value, '%Y-%m-%d')
 score_obj_yaml[k] = value
 # The detection/visibility dict is missing. Create it.
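Review bot: In the `score_logbook_event.items()` loop the conversion now keeps only `group(1)` of a prefix match and runs for every key, so a string value that merely starts with a date could be replaced by a `datetime` with the rest of its text silently dropped, where the old `strptime(v, ...)` would have raised on trailing data. Whether that can happen depends on how `REGEX_YAML_VALID_DATE` is anchored, which is defined outside this diff; if it is not end-anchored, consider limiting the conversion to the date key(s), or add a comment stating which trailing part is accepted and why. The pattern is also evaluated twice per value; a single `m = REGEX_YAML_VALID_DATE.match(v) if isinstance(v, str) else None` followed by `if m: value = datetime.datetime.strptime(m.group(1), '%Y-%m-%d')` would do the same work once. The enclosing function continues beyond this hunk.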