Forum Discussion

Copper Contributor

Sep 06, 2022

Solved

Help. It is necessary to make a rule that will work in a certain range of time

Hello! It is necessary to make a rule that will work in a certain range of time. e.g. every day from 21:00 to 00:00 or from 21:00 to the next morning 06:00. I tried to do it through the tran...

Sep 06, 2022

Dimitry36 You would need to do something like this to get the UTC equivalent of 0800 today

let dt = now();
print todatetime(strcat(datetime_part("month", dt),'/',datetime_part("day", dt),'/',datetime_part("year", dt), ' 08:00:00.000 AM'))

GBushey

Former Employee

Sep 06, 2022

Dimitry36 What is the issue you are running into? Using

todatetime('2022-09-06T23:04:01Z')

converts the string into the UTC time of '9/6/2022, 11:04:01.000 PM'

Dimitry36
Copper Contributor
Sep 06, 2022
I don't understand how to display an event at a specific time interval every day.
for example display events from 9:00 to 18:00, on this date every day
- GBushey
  Former Employee
  Sep 06, 2022
  Dimitry36 You would need to do something like this to get the UTC equivalent of 0800 today
  
  let dt = now(); print todatetime(strcat(datetime_part("month", dt),'/',datetime_part("day", dt),'/',datetime_part("year", dt), ' 08:00:00.000 AM'))
  - Dimitry36
    Copper Contributor
    Sep 06, 2022
    
    WindowsEvent
    | where EventID == 4663
    | where EventData.AccessMask == 0x10000 or EventData.AccessList == "%%1537"
    //| How do I need a time range? I want to see the events that take place for example 9 am to 18 pm.