Is it possible to create an alert in Azure Sentinel for when a data source stops feeding logs?

Question

This question was closed Jun 18, 2020 at 04:46 PM by HillmanCorey-4611 for the following reason: Question is answered, right answer was accepted

question

HillmanCorey-4611 asked Jun 18, '20 HillmanCorey-4611 commented Jun 18, '20

Is it possible to create an alert in Azure Sentinel for when a data source stops feeding logs?

I am trying to create an alert query that will let me know if a specific source has not provided logs within 7 days, but I am not sure the what syntax would allow for this. It is simple to find entries older than 7 days, but is it possible to alert if there are no entries younger than 7 days available? Thanks in advance for any assistance.

azure-monitor microsoft-sentinel

5 |1600 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Answer 1 · 2020-06-18T16:34:20.06Z

RoyKim-2230 answered Jun 18, '20 HillmanCorey-4611 commented Jun 18, '20

You can make a log analytics query to to count the number of logs returned for a certain period and create an alert based on that. But no direct feature for that.

· 1

5 |1600 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

HillmanCorey-4611 · Jun 18, 2020 at 04:36 PM

Excellent, this will work for my purposes! Thanks!

0 ·

question

Is it possible to create an alert in Azure Sentinel for when a data source stops feeding logs?

1 Answer

question details

question

Is it possible to create an alert in Azure Sentinel for when a data source stops feeding logs?

1 Answer

question details

Related Questions