• Support
  • Forums
  • Blogs

Non business hour policy/directive

ol.batardol.batard

Space invader
+12
Hi guys,

Does someone has a directive/policy for non business hours successful login ? 

This page doesn't help because it's not possible to define the logon type. It makes lot of unnecessary events (logon type 3).

I tried to do the thing with a policy but as I understand the weekly time range :
Policy starts a day (monday) at a specificic hour and ends another day (friday) at another hour. 

What I would like is a policy daily based but with a specific start and end time. 

Is it possible ?

How do you do it? 

Thanks

Share post:

Answers

  • Hello @ol.batard,

       If I am understanding your question correctly, you simply need to create a Policy with a 'Time_Range' setting ::

    Screen Shot 2018-02-21 at 2.51.43 PM


    Screen Shot 2018-02-21 at 2.52.01 PM

       Regards,

    - kratos
  • Hi Kratos,

    That's I'm trying to. 

    What I would like is :
    From monday to friday and for each day, from 8:00pm to 7:00am

    Example:
    Monday 8:00pm to Thurday 7:00am
    Tuesday 8:00pm to wednesday 7:00am
    ...
    Friday...

    The daily time range allows a time range no matter the day while the weekly time range, as I understand, allows from a day at xxx to another day at yyyy.

    Example:
    Monday 8:00pm to Friday 7:00am

    I hope it's clear to understand. In other words, I would like to detect Non Business Hours connections from monday to friday and during the weekends. 

    Thanks
  • Hi,

    No one has correlation on non business hours??
  • nope...but it would be awesome...based on timezone as well...

  • Don t understand why this point is missing. It is a basic of cyber detection or I m missing something
    BruceSuarez
Sign In or Register to comment.