Query Details
Time Range Example
Query
//Example of setting time range between two values let StartTime=ago(24h); let StopTime=now(); SecurityEvent | where TimeGenerated >StartTime and TimeGenerated <=StopTime
Explanation
This query sets a time range between the last 24 hours and the current time. It then retrieves security events that occurred within that time range.
Details
Rod Trent
Released: December 7, 2021
Tables
SecurityEvent
Keywords
Devices,Intune,User,StartTime,StopTime,SecurityEvent,TimeGenerated
Operators
whereandagonow