Forum Discussion
MCAS SIEM agent status reporting
Hi. Is there a way to have MCAS generate an alert or email to indicate SIEM agent status change from "connected" to "disconnected". For example if the agent goes into disconnected or error state for x number of hours. Can an admin alert or email be generated, so that it can investigated and potentially agent restarted by operational teams etc.
Thanks.
3 Replies
Dima DonhinMicrosoft
Hi Max,
an alert is automatically generated in the MCAS console when a connection has been disconnected for over 2 hours.
If you want to receive an email you can email email notifications for system alerts by clicking on your user icon at the top right, clicking on the cogwheel and going to "Notifications".
Regards,
DimaThanks - will give this a test. I take it there is no way to centrally define that these SIEM agent type "system alerts" can be eg. sent to a specified separate operations email address instead of the email of the admin who just happens to have enabled the system notification emails ?
- Dima DonhinNot right now but its on our roadmap to add.
