Forum Discussion
How to get trigger when our app server was down
Hi Friends,
I have one vm. In that vm i hosted one application server.so incase my server was down. that how to i get alert in login app in through sentinel.is it possible or not?if incase possiable how i deployed on.what is the procedure and what is the prerequeist
There are examples in the Queries pane of Log Analytics.
This one checks if a Server hasn't reported in in 5mins (adjust as necessary). Add this to a Sentinel Scheduled Analytic rule Create custom analytics rules to detect threats with Microsoft Sentinel | Microsoft Docs
Example:
Go to Log Analytics and run query// Not reporting VMs // VMs that have not reported a heartbeat in the last 5 minutes. // To create an alert for this query, click '+ New alert rule' Heartbeat | where TimeGenerated > ago(24h) | summarize LastCall = max(TimeGenerated) by Computer, _ResourceId | where LastCall < ago(5m)
2 Replies
There are examples in the Queries pane of Log Analytics.
This one checks if a Server hasn't reported in in 5mins (adjust as necessary). Add this to a Sentinel Scheduled Analytic rule Create custom analytics rules to detect threats with Microsoft Sentinel | Microsoft Docs
Example:
Go to Log Analytics and run query// Not reporting VMs // VMs that have not reported a heartbeat in the last 5 minutes. // To create an alert for this query, click '+ New alert rule' Heartbeat | where TimeGenerated > ago(24h) | summarize LastCall = max(TimeGenerated) by Computer, _ResourceId | where LastCall < ago(5m)- Thank you .
