question

NaveenKrishali-9939 asked AlexZhu-MSFT edited

Timestamp format in MS ATP

Hello all.
I need to understand the timestamp format for MS ATP advanced hunting queries. I tried the below query:

let selectedtimstamp = datetime(2021-05-05T6:54:17)
print selectedtimstamp

But the query failed. There are different sources that talk differently about this format, but none worked till now.
Please specify the format in conventions like yyyy for year, mm for month, dd for days.
Also I can see some options for formatting date and timestamp.

format_datetime() and format_timespan()

Can someone please explain how to use these?
Thanks...

azure-security-center

1 Answer

JamesTran-MSFT answered NaveenKrishali-9939 commented

@NaveenKrishali-9939
Thank you for your post!

Based off of our Advanced hunting queries for Microsoft 365 Defender, I believe the datetime stamp should be in a format similar to MM/DD/YYYY HH:MM:SS (10/29/2020 14:04:11). For more info.

Alert Events from Internal IP Address


When it comes to Microsoft ATP/Microsoft Defender for Endpoint, it's recommended to reach out to our experts via their Microsoft Defender for Endpoint Tech Community page. For more info.


If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.


Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.



Thank you James.
I got the problem area now. I had not been using a semi-colon at the end of the declaration. Thanks again...

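The fix identified in the last comment (a semicolon ending the let statement), combined with the format_datetime() and format_timespan() functions the question asks about, as an added example that is not part of the original thread. The SampleEvents rows and the 15-minute window are constructed for illustration; the zero-padded ISO 8601 literal is this example's choice.

```kusto
// Added example. Every let statement must end with a semicolon;
// leaving it out is what made the query in the question fail.
let selectedtimestamp = datetime(2021-05-05T06:54:17);
let window = 15m;
let windowStart = selectedtimestamp - window;
let windowEnd = selectedtimestamp + window;
// Constructed sample rows so the query runs without tenant data.
let SampleEvents = datatable(Timestamp: datetime, DeviceName: string, ActionType: string)
[
    datetime(2021-05-05T06:50:02), "host-a", "ProcessCreated",
    datetime(2021-05-05T06:58:41), "host-b", "ConnectionSuccess",
    datetime(2021-05-05T09:12:30), "host-a", "FileCreated"
];
SampleEvents
// Keep only events inside the window around the selected timestamp.
| where Timestamp between (windowStart .. windowEnd)
// Timespan since the start of the window (always non-negative here).
| extend SinceWindowStart = Timestamp - windowStart
| project
    // Specifiers are case-sensitive:
    //   yyyy = year, MM = month, dd = day,
    //   HH = hour (24h), mm = minute, ss = second.
    Stamp = format_datetime(Timestamp, 'yyyy-MM-dd HH:mm:ss'),
    // Same event time rendered month/day/year.
    StampUS = format_datetime(Timestamp, 'MM/dd/yyyy HH:mm:ss'),
    // format_timespan() takes a timespan, not a datetime.
    Elapsed = format_timespan(SinceWindowStart, 'hh:mm:ss'),
    DeviceName,
    ActionType
| order by Stamp asc
```

To run the same filter against real data, replace SampleEvents with an advanced hunting table that has a Timestamp column, such as DeviceEvents.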