Forum Discussion

Copper Contributor

Sep 06, 2022

Solved

Help. It is necessary to make a rule that will work in a certain range of time

Hello! It is necessary to make a rule that will work in a certain range of time. e.g. every day from 21:00 to 00:00 or from 21:00 to the next morning 06:00. I tried to do it through the tran...

Sep 06, 2022

Dimitry36 You would need to do something like this to get the UTC equivalent of 0800 today

let dt = now();
print todatetime(strcat(datetime_part("month", dt),'/',datetime_part("day", dt),'/',datetime_part("year", dt), ' 08:00:00.000 AM'))

Dimitry36

Copper Contributor

Sep 06, 2022

I don't understand how to display an event at a specific time interval every day.
for example display events from 9:00 to 18:00, on this date every day

GBushey

Former Employee

Sep 06, 2022

Dimitry36 You would need to do something like this to get the UTC equivalent of 0800 today

let dt = now();
print todatetime(strcat(datetime_part("month", dt),'/',datetime_part("day", dt),'/',datetime_part("year", dt), ' 08:00:00.000 AM'))

Dimitry36
Copper Contributor
Sep 06, 2022

WindowsEvent
| where EventID == 4663
| where EventData.AccessMask == 0x10000 or EventData.AccessList == "%%1537"
//| How do I need a time range? I want to see the events that take place for example 9 am to 18 pm.
- Clive_Watson
  Bronze Contributor
  Sep 06, 2022
  Please see: https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/how-to-align-your-analytics-with-time-windows-in-azure-sentinel/ba-p/1667574 examples 9 & 10
  - Dimitry36
    Copper Contributor
    Sep 07, 2022
    Thank you very much, 9 example fit perfectly.