Blog Post

Microsoft Sentinel Blog

5 MIN READ

Handling sliding windows in Azure Sentinel rules

Microsoft

Jul 06, 2020

In the article "Azure Sentinel correlation rules: Active Lists out; make_list() in," I presented a rule that detects several sign-in failures to Azure AD, alongside a sign-in success to AWS from the ...

Updated Dec 29, 2020

Version 2.0

Ofer_Shezaf

Microsoft

Joined March 01, 2019

View Profile

Microsoft Sentinel Blog

Microsoft Sentinel is an industry-leading SIEM & AI-first platform powering agentic defense across the entire security ecosystem.

Ofer_Shezaf

Microsoft

Apr 04, 2021

luizao_lf : you are correct that some sources do not produce a reliable TimeGenerated field. For each of those you will have to pick the correct timestamp. For Firewalls for example, it would differ based on the specific firewall.