Forum Discussion
Questions on Microsoft Sentinel
Hi Community, Our customer raised the below queries relates to Fusion rules in Microsoft Sentinel. (1) For alerts/incidents triggered by fusion rules, if it’s false positive then any input fr...
- 1. no answer
2. You could, if you edit the KQL, convert UTC to local: https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/datetime-utc-to-local-function UTC is used throughout Sentinel.
1. no answer
2. You could, if you edit the KQL, convert UTC to local: https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/datetime-utc-to-local-function UTC is used throughout Sentinel.
2. You could, if you edit the KQL, convert UTC to local: https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/datetime-utc-to-local-function UTC is used throughout Sentinel.
Hi Clive,
Thank you very much for the answers. Let me share with this customer to see if they find helpful.
Thanks again!
Thank you very much for the answers. Let me share with this customer to see if they find helpful.
Thanks again!
