Skip to content

Bug: Data and Time not being accecpted [USA / UK Date Format] #290

New issue
New issue
Open
Open
Bug: Data and Time not being accecpted [USA / UK Date Format]#290
Assignees
T0pCyber
Labels
status/backlogIn backlog / validatedtype/bugNon-urgent code defect
@Tularis1

Description

@Tularis1
Tularis1
opened on Jun 9, 2025

What happened?

I want to run Hawk between "11th of March 2025" and "9th of June 2025" but I always seem to get the error;

Write-ErrorMessage : ||Audit log search argument startDate (03/11/2025 00:00:00) is later than endDate (06/10/2025 00:00:00).

I am in the UK and my PC is set to use the UK Locale.

[Using the USA Date Format MM/DD/YYY]
Start-HawkTenantInvestigation -StartDate "03/11/2025" -EndDate "06/09/2025" -FilePath "C:\Investigation" -SkipUpdate

[2025-06-09 16:40:28Z] - [ACTION] - Running Unified Audit Log Search
Write-ErrorMessage : ||Audit log search argument startDate (03/11/2025 00:00:00) is later than endDate (06/10/2025 00:00:00).
At C:\Users\PeterHopkins\AppData\Local\Temp\tmpEXO_cf3k5qyq.11f\tmpEXO_cf3k5qyq.11f.psm1:1189 char:13
+             Write-ErrorMessage $ErrorObject
+             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Search-UnifiedAuditLog], ArgumentException
    + FullyQualifiedErrorId : [Server=LNXP265MB1081,RequestId=4a062ed6-a9e6-5968-5f7d-8a21f3a8581c,TimeStamp=Mon, 09 Jun 2025 16:40:28 GMT],Write-ErrorMessage

[Using the UK Date Format DDMM/YYY]

Start-HawkTenantInvestigation -StartDate "11/03/2025" -EndDate "09/06/2025" -FilePath "C:\Investigation" -SkipUpdate

EndDate cannot be more than one day in the future

Even if I run with the -DaysToLookBack 30 command

Start-HawkTenantInvestigation -DaysToLookBack 30 -FilePath "C:\Hawk"

[2025-06-09 16:42:37Z] - [ACTION] - Running Unified Audit Log Search Write-ErrorMessage : ||Audit log search argument startDate (03/11/2025 00:00:00) is later than endDate (06/10/2025 00:00:00). At C:\Users\PeterHopkins\AppData\Local\Temp\tmpEXO_cf3k5qyq.11f\tmpEXO_cf3k5qyq.11f.psm1:1189 char:13 Write-ErrorMessage $ErrorObject ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ CategoryInfo : InvalidArgument: (:) [Search-UnifiedAuditLog], ArgumentException FullyQualifiedErrorId : [Server=LNXP265MB1081,RequestId=43bad51a-406e-715c-744a-c97bbe051ec1,TimeStamp=Mon, 09 Jun 2025 16:42:36 GMT],Write-ErrorMessage

Steps to Reproduce

Set PC to UK Date and Time Local
Run Start-HawkTenantInvestigation -DaysToLookBack 30 -FilePath "C:\Hawk"

Hawk Version

4.0

Technical Analysis

No response

Implementation Plan

No response

Acceptance Criteria

No response

Metadata

Metadata

Assignees

Labels

status/backlogIn backlog / validatedtype/bugNon-urgent code defect

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions