diff --git a/Detections/SecurityEvent/TimeSeriesAnomaly-ProcessExecutions.yaml b/Detections/SecurityEvent/TimeSeriesAnomaly-ProcessExecutions.yaml
index 5de871baa02..b6377542127 100644
--- a/Detections/SecurityEvent/TimeSeriesAnomaly-ProcessExecutions.yaml
+++ b/Detections/SecurityEvent/TimeSeriesAnomaly-ProcessExecutions.yaml
@@ -34,7 +34,7 @@ query: |
 | where TimeGenerated between (startofday(ago(starttime))..startofday(ago(endtime)))
 | where Process in (ExeList)
 | project TimeGenerated, Computer, AccountType, Account, Process
- | make-series Total=count() on TimeGenerated from ago(starttime) to ago(endtime) step timeframe by Process;
+ | make-series Total=count() on TimeGenerated from startofday(ago(starttime)) to startofday(ago(endtime)) step timeframe by Process;
 let TimeSeriesAlerts = materialize(TimeSeriesData
 | extend (anomalies, score, baseline) = series_decompose_anomalies(Total, 1.5, -1, 'linefit')
 | mv-expand Total to typeof(double), TimeGenerated to typeof(datetime), anomalies to typeof(double), score to typeof(double), baseline to typeof(long)
@@ -64,4 +64,4 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: HostCustomEntity
-version: 1.0.0
\ No newline at end of file
+version: 1.0.1
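Review bot: The added `make-series` line now uses the same `startofday()`-rounded bounds as the `where TimeGenerated between (...)` filter above it, but nothing in the query records why the two must agree, so a later edit can silently reintroduce the mismatch that produced partial first/last buckets. A one-line KQL comment directly above the `make-series`, such as `// series bounds must stay day-aligned with the between() filter above; unaligned bounds create partial edge buckets that series_decompose_anomalies reports as anomalies`, would document the invariant. It is also worth confirming that `timeframe` (defined outside the hunk) divides a day evenly, since a step that does not would still leave an uneven final bucket despite the day-aligned bounds; and since `between()` is inclusive at both ends, an event timestamped exactly at `startofday(ago(endtime))` passes the filter but may fall outside the series if the `to` bound is exclusive — verify against the make-series semantics before relying on the last bucket. The enclosing `query` block starts and ends outside this hunk.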