Hello
Alerts in Azure Monitor only allow for a frequency, therefore you cannot specify an exact time to run. However there are some options
- Use a Logic App or Function to execute the query. You can specify exactly when these will run.
- Put a Time Range filter in your query to allow it to only return results within a specific period. This way the alert would run within a time window of the specified time. let HourOfDaytoRun = "01:00"; // Write this in 24 hour format with hh:mm UTC
let QueryFrequency = 10m; // This is the frequency of the alert. Specify this to avoid it running multiple times
let StartTime = startofday(now()) + totimespan(HourOfDaytoRun);
let EndTime = StartTime + QueryFrequency;
let IsQueryTime = iif(
now() between(StartTime .. EndTime), true, false
);
// Your Query Here
SecurityEvent
| where TimeGenerated > ago(1d)
| where IsQueryTime == true
I haven't allowed for daylight savings in my query as this varies from country to country
kind regards
Alistair