Add search date as the core

Author: Jt3kt

examples/Exabeam/Invoke-ExaExportFHK.ps1

@@ -129,7 +129,8 @@ for ($day = $DaysBetween; $day -ge 0; $day--) {
 
         # Get data for this time block with precise start and end hours
         # Each block is distinct: startHour:00:00 to endHour:59:59
-        $SearchResults = Get-LrtExaFHKResults -Days 1 -StartHour $startHour -EndHour $endHour -Verbose
+        # Pass the specific date and time range parameters
+        $SearchResults = Get-LrtExaFHKResults -SearchDate $ProcessDate -StartHour $startHour -EndHour $endHour -Verbose
 
         if ($SearchResults.rows) {
             $Rows = $SearchResults.rows | Sort-Object approxLogTime

src/Public/Exabeam/Search/Get-LrtExaFHKResults.ps1

@@ -24,18 +24,18 @@ Function Get-LrtExaFHKResults {
 
     [CmdletBinding()]
     Param(
-        [Parameter(Mandatory = $false, ValueFromPipeline = $true, Position = 0)]
-        [ValidateNotNull()]
-        [int] $Days = 1,
-
-        [Parameter(Mandatory = $false, Position = 1)]
+        [Parameter(Mandatory = $false, Position = 0)]
         [ValidateNotNull()]
         [int] $StartHour = 0,
 
-        [Parameter(Mandatory = $false, Position = 2)]
+        [Parameter(Mandatory = $false, Position = 1)]
         [ValidateNotNull()]
         [int] $EndHour = 23,
 
+        [Parameter(Mandatory = $false, Position = 2)]
+        [ValidateNotNull()]
+        [DateTime] $SearchDate = (Get-Date), 
+        
         [Parameter(Mandatory = $false, Position = 3)]
         [ValidateNotNull()]
         [pscredential] $Credential = $LrtConfig.Exabeam.ApiKey
@@ -59,9 +59,10 @@ Function Get-LrtExaFHKResults {
 
         # Define HTTP URI
         $RequestUrl = $BaseUrl + "search/v2/events"
-        $CurrentDate = (Get-Date).ToUniversalTime()
-        # Temporary variables
-        $PastDate = $CurrentDate.Date.AddDays(-$Days)
+        
+        # Use SearchDate parameter (defaults to today if not provided)
+        $QueryDate = $SearchDate.Date
+        Write-Verbose "[$Me]: Using search date: $QueryDate"
 
         # Validate hour parameters (between 0-23)
         $ValidatedStartHour = [Math]::Max(0, [Math]::Min(23, $StartHour))
@@ -75,20 +76,12 @@ Function Get-LrtExaFHKResults {
         Write-Verbose "[$Me]: Using time range: $ValidatedStartHour:00 to $ValidatedEndHour:59"
 
         # Create precise time range for this query with guaranteed non-overlapping time windows
-        $startTime = $PastDate.AddHours($ValidatedStartHour).ToString("yyyy-MM-ddTHH:00:00.000Z")
+        $startTime = $QueryDate.AddHours($ValidatedStartHour).ToString("yyyy-MM-ddTHH:00:00.000Z")
 
-        # If we're querying the same day, use the end hour with precise formatting
-        # If we're querying multiple days, handle differently
-        if ($Days -le 1) {
-            # Create an exclusive end time that doesn't overlap with the next time block
-            # End time is the last second of the specified end hour (HH:59:59)
-            $endTime = $PastDate.AddHours($ValidatedEndHour).AddMinutes(59).AddSeconds(59).ToString("yyyy-MM-ddTHH:mm:ss.000Z")
-            Write-Verbose "[$Me]: Time window: $startTime to $endTime"
-        } else {
-            # For multi-day queries, keep the existing behavior
-            $endTime = $PastDate.AddDays($Days).ToString("yyyy-MM-ddT23:59:59.000Z")
-            Write-Verbose "[$Me]: Multi-day time window: $startTime to $endTime"
-        }
+        # Create precise end time for the time block (last second of the end hour)
+        # End time is the last second of the specified end hour (HH:59:59)
+        $endTime = $QueryDate.AddHours($ValidatedEndHour).AddMinutes(59).AddSeconds(59).ToString("yyyy-MM-ddTHH:mm:ss.000Z")
+        Write-Verbose "[$Me]: Precise time window: $startTime to $endTime"
 
 
         # Check preference requirements for self-signed certificates and set enforcement for Tls1.2