Nov 09 2020 01:30 AM - edited Nov 09 2020 01:32 AM
Hi Community,
I am currently working with a client on a certain requirement for detection of an office 365 message activity based on time and date. below business use case in detail
Use case: emails sent to external domain
For the first use case, I have created KQL for detection based on Time hours and it is working but the rule runs only on certain time during the weekend because I need the rule to detect activities anytime on weekend, below query for reference
Require Help on:
P.S: i used logic app's recurrence based on date and time but logic app doesn't support
enabling/disabling a sentinel rule
Nov 10 2020 07:04 AM
@KrishhnaM You could use a dayofweek function to determine if it is a weekend or not and then and iif statement to handle different hour of the day processing.