Accessing Current Time ($Now) with a Variable

I have a use case where I want to compare a timestamp field in an Active List entry to the current time (like Python's datetime.datetime.now()) using TimeDifferenceInMinutes - only to discover that ArcSight has no equivalent of the $Now variable to give me the current time in a datetime format.

I tried to create something by:

  • Using a Velocity template (Rule, Active Channel, or Data Monitor only) to write the current date (using something like https://velocity.apache.org/tools/devel/javadoc/org/apache/velocity/tools/generic/DateTool.html). But ArcSight will write it into a String field, and there's no way to convert a string (or integer, for that matter) to a timestamp value.
  • Using a Query/Trend to get the most recent event every X minutes (query returning the hourly equivalent) - but Trends can only be scheduled hourly.
  • Using a Scheduled Rule to get an event and write endTime to an Active List - but Rules can also only be scheduled hourly.

Do you have any other ideas about how to determine how much time has elapsed between a timestamp value and the current time?