Forum Discussion
Lookup data from the last == ingestion_time()
Howdy! In "Analytics rule wizard - Create a new Scheduled rule" under Query scheduling you have to fill out "Lookup data from the last" What time field is Sentinel looking at when determ...
Thanks for the reply! This is interesting. Are you sure about this? Im finding some of the TimeGenerated to be unreliable and all over the place. For example events having TimeGenerated after they are ingested (time paradox)
Microsoft product unreliable? No way :D
A little bit more information in the link below;
https://learn.microsoft.com/en-us/azure/sentinel/ingestion-delay