Update Events surrounding alert.txt
This commit is contained in:
tali-ash
GitHub
Родитель
dd66127d30
Коммит
583361f083
|
|
@ -27,7 +27,6 @@ DeviceLogonEvents
|
|||
// This query looks for events that are near in time to a detected event.
|
||||
// It shows how you could avoid typing exact timestamps, and replace it with a simple query to get the timestamp of your pivot event (e.g. a detected event).
|
||||
// This is useful when you have queries that you run often - e.g. as part of your regular investigation of an alert.
|
||||
|
||||
// Original query: filter for network logon events right before some timestamp
|
||||
let DeviceId = "474908f457a1dc4c1fab568f808d5f77bf3bb951";
|
||||
let timestamp = datetime(2018-06-09T02:23:26.6832917Z);
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче