From 09700b153dad21f7a539711340717a2623ac77d1 Mon Sep 17 00:00:00 2001
From: Dan Kortschak <dan.kortschak@elastic.co>
Date: Mon, 12 Aug 2024 09:56:28 +0930
Subject: [PATCH] qualys_vmdr: use correct time format for last_modified_after
 parameter (#10759)

According to the Qualys documentation, the time format for query parameters
does not include sub-second resolution:

 The date/time is specified in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT).

https://cdn2.qualys.com/docs/qualys-api-vmpc-user-guide.pdf
---
 packages/qualys_vmdr/_dev/deploy/docker/files/config.yml     | 2 ++
 packages/qualys_vmdr/changelog.yml                           | 5 +++++
 .../data_stream/knowledge_base/agent/stream/input.yml.hbs    | 2 +-
 packages/qualys_vmdr/manifest.yml                            | 2 +-
 4 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/packages/qualys_vmdr/_dev/deploy/docker/files/config.yml b/packages/qualys_vmdr/_dev/deploy/docker/files/config.yml
index 1cf55e394bd..0a89b81aaee 100644
--- a/packages/qualys_vmdr/_dev/deploy/docker/files/config.yml
+++ b/packages/qualys_vmdr/_dev/deploy/docker/files/config.yml
@@ -237,6 +237,7 @@ rules:
     methods: ['GET']
     query_params:
       ids: 123
+      last_modified_after: '{last_modified_after:\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}}Z'
     responses:
       - status_code: 200
         body: |-
@@ -302,6 +303,7 @@ rules:
   - path: /api/2.0/fo/knowledge_base/vuln/
     methods: ['GET']
     query_params:
+      last_modified_after: '{last_modified_after:\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}}Z'
     responses:
       - status_code: 200
         body: |-
diff --git a/packages/qualys_vmdr/changelog.yml b/packages/qualys_vmdr/changelog.yml
index b8159e06811..e274b038692 100644
--- a/packages/qualys_vmdr/changelog.yml
+++ b/packages/qualys_vmdr/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "4.2.2"
+  changes:
+    - description: Ensure last_modified_after query parameter is in the correct format.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/10759
 - version: "4.2.1"
   changes:
     - description: Fix CEL access to unset state.params in knowledge_base.
diff --git a/packages/qualys_vmdr/data_stream/knowledge_base/agent/stream/input.yml.hbs b/packages/qualys_vmdr/data_stream/knowledge_base/agent/stream/input.yml.hbs
index f5a7476c1f1..cbd4b6279a4 100644
--- a/packages/qualys_vmdr/data_stream/knowledge_base/agent/stream/input.yml.hbs
+++ b/packages/qualys_vmdr/data_stream/knowledge_base/agent/stream/input.yml.hbs
@@ -29,7 +29,7 @@ program: |
     request("GET", state.url.trim_right("/") + "/api/2.0/fo/knowledge_base/vuln/?" +
       state.?params.orValue("").parse_query().with({
         "action": ["list"],
-        "last_modified_after": [state.?cursor.last_modified.orValue(string(now - duration(state.initial_interval)))],
+        "last_modified_after": [state.?cursor.last_modified.orValue((now - duration(state.initial_interval)).format(time_layout.RFC3339))],
       }).format_query()
     ).with({
       "Header":{
diff --git a/packages/qualys_vmdr/manifest.yml b/packages/qualys_vmdr/manifest.yml
index 86786e93194..cfe3382611a 100644
--- a/packages/qualys_vmdr/manifest.yml
+++ b/packages/qualys_vmdr/manifest.yml
@@ -1,7 +1,7 @@
 format_version: "3.0.2"
 name: qualys_vmdr
 title: Qualys VMDR
-version: "4.2.1"
+version: "4.2.2"
 description: Collect data from Qualys VMDR platform with Elastic Agent.
 type: integration
 categories: