Forum Discussion
Dimitry36
Sep 06, 2022 | Copper Contributor
Help. It is necessary to make a rule that will work in a certain range of time
Hello! It is necessary to make a rule that will work in a certain range of time. e.g. every day from 21:00 to 00:00 or from 21:00 to the next morning 06:00. I tried to do it through the tran...
Dimitry36
Copper Contributor
WindowsEvent
| where EventID == 4663
| where EventData.AccessMask == 0x10000 or EventData.AccessList == "%%1537"
//| How do I need a time range? I want to see the events that take place for example 9 am to 18 pm.
Clive_Watson
Sep 06, 2022 | Bronze Contributor
Please see: https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/how-to-align-your-analytics-with-time-windows-in-azure-sentinel/ba-p/1667574 examples 9 & 10
- Dimitry36 | Sep 07, 2022 | Copper Contributor
  Thank you very much, example 9 fit perfectly.
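
An added example, not part of the thread and not taken from the linked blog post: one way to restrict a KQL query to a daily time-of-day window, including a window that wraps past midnight such as 21:00 to 06:00. The sample rows, the `startHour`/`endHour`/`tz` names and the chosen time zone are constructed assumptions; in a real rule the `datatable` would be replaced by the `WindowsEvent` filter from the question.

```kql
// Constructed sample rows standing in for WindowsEvent (TimeGenerated is stored in UTC).
let SampleEvents = datatable(TimeGenerated: datetime, EventID: int, Computer: string)
[
    datetime(2022-09-06 12:00:00), 4663, "srv01",
    datetime(2022-09-06 19:30:00), 4663, "srv01",
    datetime(2022-09-07 03:59:00), 4663, "srv02",
    datetime(2022-09-07 04:00:00), 4663, "srv02"
];
// Assumed window: opens at 21:00 local time, closes at 06:00 the next morning.
let startHour = 21;
let endHour = 6;
// Assumed time zone; hours must be compared in local time, not UTC.
let tz = "Europe/Berlin";
SampleEvents
| where EventID == 4663
| extend LocalTime = datetime_utc_to_local(TimeGenerated, tz)
| extend LocalHour = hourofday(LocalTime)
// Same-day window (e.g. 9 to 18): the hour must lie between start and end.
// Overnight window (start > end): the hour is either after start or before end.
| where (startHour <= endHour and LocalHour >= startHour and LocalHour < endHour)
     or (startHour >  endHour and (LocalHour >= startHour or LocalHour < endHour))
| project TimeGenerated, LocalTime, LocalHour, Computer
```

The end hour is exclusive here, so an event at exactly 06:00 local time falls outside the window. Setting `startHour = 9` and `endHour = 18` gives the daytime range asked about in the query comment.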