• Support
  • Forums
  • Blogs
A New Community Experience is Coming! For more information, please see our announcement.

Non business hour policy/directive


Space invader
Hi guys,

Does someone has a directive/policy for non business hours successful login ? 

This page doesn't help because it's not possible to define the logon type. It makes lot of unnecessary events (logon type 3).

I tried to do the thing with a policy but as I understand the weekly time range :
Policy starts a day (monday) at a specificic hour and ends another day (friday) at another hour. 

What I would like is a policy daily based but with a specific start and end time. 

Is it possible ?

How do you do it? 


Share post:


  • Hello @ol.batard,

       If I am understanding your question correctly, you simply need to create a Policy with a 'Time_Range' setting ::

    Screen Shot 2018-02-21 at 2.51.43 PM

    Screen Shot 2018-02-21 at 2.52.01 PM


    - kratos
  • Hi Kratos,

    That's I'm trying to. 

    What I would like is :
    From monday to friday and for each day, from 8:00pm to 7:00am

    Monday 8:00pm to Thurday 7:00am
    Tuesday 8:00pm to wednesday 7:00am

    The daily time range allows a time range no matter the day while the weekly time range, as I understand, allows from a day at xxx to another day at yyyy.

    Monday 8:00pm to Friday 7:00am

    I hope it's clear to understand. In other words, I would like to detect Non Business Hours connections from monday to friday and during the weekends. 

  • Hi,

    No one has correlation on non business hours??
  • nope...but it would be awesome...based on timezone as well...

  • Don t understand why this point is missing. It is a basic of cyber detection or I m missing something
Sign In or Register to comment.