From 467e23ffbbcb890e00a5b4235bac79d63d4ad312 Mon Sep 17 00:00:00 2001
From: jbfuzier
Date: Fri, 23 Jan 2026 12:58:39 +0100
Subject: [PATCH 1/2] Handle timestampVal type in stats.py Add handling for timestampVal, this is used when stats queries return timebuckets, example : events: $e.metadata.log_type="CS_EDR" $log_type = $e.metadata.log_type match: $log_type by 5m outcome: $total = math.round(count($e.metadata.id)/300)
---
 src/secops/chronicle/stats.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/secops/chronicle/stats.py b/src/secops/chronicle/stats.py
index 5b5f4e0..5fe1098 100644
--- a/src/secops/chronicle/stats.py
+++ b/src/secops/chronicle/stats.py
@@ -13,7 +13,7 @@
 # limitations under the License.
 #
 """Statistics functionality for Chronicle searches."""
-from datetime import datetime
+from datetime import datetime, UTC
 from typing import Any
 from secops.exceptions import APIError
@@ -127,6 +127,8 @@ def process_stats_results(stats: dict[str, Any]) -> dict[str, Any]:
 values.append(float(val["doubleVal"]))
 elif "stringVal" in val:
 values.append(val["stringVal"])
+ elif "timestampVal" in val:
+ values.append(datetime.fromisoformat(val["timestampVal"].replace('Z', '+00:00')).replace(tzinfo=UTC))
 else:
 values.append(None)
 # Handle list value cells (like those from array_distinct)
From e5a957b5cb70353fa651c460ecb265cb743d5b4c Mon Sep 17 00:00:00 2001
From: Mihir Vala <179564180+mihirvala-crestdata@users.noreply.github.com>
Date: Thu, 29 Jan 2026 11:49:13 +0530
Subject: [PATCH 2/2] chore: fixed tests
---
 src/secops/chronicle/stats.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/secops/chronicle/stats.py b/src/secops/chronicle/stats.py
index 5fe1098..5618765 100644
--- a/src/secops/chronicle/stats.py
+++ b/src/secops/chronicle/stats.py
@@ -13,7 +13,7 @@
 # limitations under the License.
 #
 """Statistics functionality for Chronicle searches."""
-from datetime import datetime, UTC
+from datetime import datetime, timezone
 from typing import Any
 from secops.exceptions import APIError
@@ -128,7 +128,11 @@ def process_stats_results(stats: dict[str, Any]) -> dict[str, Any]:
 elif "stringVal" in val:
 values.append(val["stringVal"])
 elif "timestampVal" in val:
- values.append(datetime.fromisoformat(val["timestampVal"].replace('Z', '+00:00')).replace(tzinfo=UTC))
+ values.append(
+ datetime.fromisoformat(
+ val["timestampVal"].replace("Z", "+00:00")
+ ).replace(tzinfo=timezone.utc)
+ )
 else:
 values.append(None)
 # Handle list value cells (like those from array_distinct)
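Review bot: `.replace(tzinfo=timezone.utc)` in the `timestampVal` branch relabels the parsed value instead of converting it. Once `Z` has become `+00:00`, `fromisoformat` already returns an aware datetime, so the call is redundant for UTC input; for a value carrying any other offset it keeps the wall-clock time and stamps it UTC, silently shifting the time bucket an analyst will correlate against. Converting is safer: `ts = datetime.fromisoformat(val["timestampVal"].replace("Z", "+00:00"))` followed by `values.append(ts.astimezone(timezone.utc) if ts.tzinfo else ts.replace(tzinfo=timezone.utc))`. `fromisoformat` also raises `ValueError` on input it cannot parse (before Python 3.11 that includes fractional seconds with other than 3 or 6 digits, should the API ever return nanosecond precision), and that would presumably propagate out of the function, whereas unknown cell types fall back to `None`; it is worth deciding whether to catch it. The same expression first appears in the `@@ -127,6 +127,8 @@` hunk of PATCH 1/2, and `process_stats_results` starts and ends outside both hunks.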