Blog Post

Microsoft Sentinel Blog

9 MIN READ

How to align your Analytics with time windows in Azure Sentinel using KQL (Kusto Query Language)

Former Employee

Sep 21, 2020

Overview Thanks to Ofer Shezaf, Kieran Bhardwaj and Younes Khaldi for the ideas and proof reading! Many of the query examples you see in KQL (Kusto Query Language) Detections, Rules, Hunting a...

Updated Nov 02, 2021

Version 3.0

investigation

microsoft sentinel

CliveWatson

Former Employee

Joined November 07, 2018

View Profile

Microsoft Sentinel Blog

Microsoft Sentinel is an industry-leading SIEM & AI-first platform powering agentic defense across the entire security ecosystem.

ssosts1

Copper Contributor

Sep 22, 2022

CliveWatson Great use of various sets of queries where time & day could be tuned.

I'm trying to come up with a query which renders mean time to respond and mean time to resolve for weekly or monthly reporting, however the challenge I've is we only operate 9-5 PM weekdays only and this is messing up the stats for obvious reasons. Let's say incident is fired midnight and no one would pick it up till 9AM and when the stats are run for mean time to respond and resolve they would naturally be higher.

Would you be able to help here!