Hello!, im doing a query to log analytics to pass the data to a PowerApps,
in the Flow i call to the api of sentinel and i get the entities, i get the query (is dynamically never the same query) and i get the time range like this:
"additionalData": {
"ProcessedBySentinel": "True",
"Search Query Results Overall Count": "3",
"Query Start Time UTC": "2021-05-27T19:22:07Z",
"Query End Time UTC": "2021-05-27T20:22:07Z",
"Analytic Rule Name": "Conexiones RDP no comunes",
"Analytic Rule Ids": "[\"\"]",
"Trigger Threshold": "0",
"Trigger Operator": "GreaterThan",
"Event Grouping": "SingleAlert",
"Query Period": "01:00:00",
"Data Sources": "[\"logazsentinel\"]",
"Query": " QUERY",
"Total Account Entities": "3",
"Total IP Entities": "2",
"Total Host Entities": "2"
}The data what i need is between this time
"Query Start Time UTC": "2021-05-27T19:22:07Z",
"Query End Time UTC": "2021-05-27T20:22:07Z",and im calling the query like this:
I check in the documentation and just i can query with the timespan
the timespan, just get me the results from the current time minus the hours especified like
is 5:40 PM and i put PT1H30M i get the results from 5:40PM to 4:10PM
so the question i have: is posible to do something like: timespan:
"timespan":"2021-05-27T19:22:07Z" betwenn "2021-05-27T20:22:07Z"
