Forum Discussion

Copper Contributor

Sep 06, 2022

Solved

Help. It is necessary to make a rule that will work in a certain range of time

Hello! It is necessary to make a rule that will work in a certain range of time. e.g. every day from 21:00 to 00:00 or from 21:00 to the next morning 06:00. I tried to do it through the tran...

Sep 06, 2022

Dimitry36 You would need to do something like this to get the UTC equivalent of 0800 today

let dt = now();
print todatetime(strcat(datetime_part("month", dt),'/',datetime_part("day", dt),'/',datetime_part("year", dt), ' 08:00:00.000 AM'))

GBushey

Former Employee

Sep 06, 2022

Dimitry36 What is the issue you are running into? Using

todatetime('2022-09-06T23:04:01Z')

converts the string into the UTC time of '9/6/2022, 11:04:01.000 PM'

Dimitry36

Copper Contributor

Sep 06, 2022

I don't understand how to display an event at a specific time interval every day.
for example display events from 9:00 to 18:00, on this date every day

GBushey
Former Employee
Sep 06, 2022
Dimitry36 You would need to do something like this to get the UTC equivalent of 0800 today

let dt = now(); print todatetime(strcat(datetime_part("month", dt),'/',datetime_part("day", dt),'/',datetime_part("year", dt), ' 08:00:00.000 AM'))
- Dimitry36
  Copper Contributor
  Sep 06, 2022
  
  WindowsEvent
  | where EventID == 4663
  | where EventData.AccessMask == 0x10000 or EventData.AccessList == "%%1537"
  //| How do I need a time range? I want to see the events that take place for example 9 am to 18 pm.
  - Clive_Watson
    Bronze Contributor
    Sep 06, 2022
    Please see: https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/how-to-align-your-analytics-with-time-windows-in-azure-sentinel/ba-p/1667574 examples 9 & 10