From e0a7c82c6a13469636ba5dbbd947005ec32d8a03 Mon Sep 17 00:00:00 2001
From: Fuck You
Date: Sun, 3 Jan 2021 09:23:48 -0600
Subject: [PATCH] added hour_range_enhancement in order to use time window feature

---
 elastalert_modules/hour_range_enhancement.py | 26 ++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 elastalert_modules/hour_range_enhancement.py

diff --git a/elastalert_modules/hour_range_enhancement.py b/elastalert_modules/hour_range_enhancement.py
new file mode 100644
index 0000000..d6733d5
--- /dev/null
+++ b/elastalert_modules/hour_range_enhancement.py
@@ -0,0 +1,26 @@
+import dateutil.parser
+
+from elastalert.enhancements import BaseEnhancement
+from elastalert.enhancements import DropMatchException
+
+
+class HourRangeEnhancement(BaseEnhancement):
+    def process(self, match):
+        timestamp = None
+        try:
+            timestamp = dateutil.parser.parse(match['@timestamp']).time()
+        except Exception:
+            try:
+                timestamp = dateutil.parser.parse(match[self.rule['timestamp_field']]).time()
+            except Exception:
+                pass
+        if timestamp is not None:
+            time_start = dateutil.parser.parse(self.rule['start_time']).time()
+            time_end = dateutil.parser.parse(self.rule['end_time']).time()
+            if(self.rule['drop_if'] == 'outside'):
+                if timestamp < time_start or timestamp > time_end:
+                    raise DropMatchException()
+            elif(self.rule['drop_if'] == 'inside'):
+                if timestamp >= time_start and timestamp <= time_end:
+                    raise DropMatchException()
+
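Review bot: The window check in `process` breaks for a range that wraps past midnight: with `start_time: "22:00"` and `end_time: "06:00"`, `timestamp < time_start or timestamp > time_end` is true for every time of day, so `drop_if: outside` drops every match and `drop_if: inside` drops none — the comparison needs a wrap-around branch, sketched below. The nested `except Exception: pass` also makes the filter fail open: a match whose timestamp cannot be parsed leaves `timestamp` as `None` and is passed through silently, which for a suppression rule deserves at least a log line (e.g. `elastalert_logger.warning(...)` from `elastalert.util`, or a module-level logger) so a broken `timestamp_field` is noticed rather than quietly widening what alerts. Note too that `.time()` discards tzinfo, so `start_time`/`end_time` are compared in whatever zone the event's timestamp carries (presumably UTC for Elasticsearch documents) — worth stating in the rule documentation; an unrecognised `drop_if` value is likewise ignored without any signal. `process` is entirely within the hunk.
```python
        # … unchanged: timestamp extraction with @timestamp / timestamp_field fallback …
        if timestamp is not None:
            time_start = dateutil.parser.parse(self.rule['start_time']).time()
            time_end = dateutil.parser.parse(self.rule['end_time']).time()
            if time_start <= time_end:
                inside = time_start <= timestamp <= time_end
            else:
                # window wraps past midnight, e.g. 22:00 -> 06:00
                inside = timestamp >= time_start or timestamp <= time_end
            drop_if = self.rule['drop_if']
            if (drop_if == 'outside' and not inside) or (drop_if == 'inside' and inside):
                raise DropMatchException()
```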