Forum Discussion

sijmalik's avatar
sijmalik
Copper Contributor
Feb 22, 2021
Solved

Monitoring data connectors in Sentinel - Check if any connectors are down

Hi, You will have to forgive my basic Azure knowledge, as I'm a DBA looking after about 250 servers for various clients, but have been asked by my company if I could write some KQL that will alert t...
  • CliveWatson's avatar
    CliveWatson
    Feb 22, 2021

    sijmalik 

     

    Search and Union wildcards are not allowed (i.e union *) but you can name the Tables, as per this simple example using two common Tables:

    union SecurityAlert, SecurityEvent
| limit 10

    (within a Analytics scheduled rule in Azure Sentinel) 

CliveWatson's avatar
CliveWatson
Former Employee
Feb 22, 2021

sijmalik 

 

Search and Union wildcards are not allowed (i.e union *) but you can name the Tables, as per this simple example using two common Tables:

union SecurityAlert, SecurityEvent
| limit 10

(within a Analytics scheduled rule in Azure Sentinel) 

sijmalik's avatar
sijmalik
Copper Contributor
Feb 22, 2021

CliveWatson Ah. OK, yes I was using union *, it works fine when I put the table names in. Thanks Clive, much appreciated!

 

So, just being a bit cheeky does anyone know how to delete a connector, as I need to do this for testing? I'm assuming I have to use HTTP and pass in the URI parameters. But as an example, I've got an Azure SQL Database connector that I want to delete. Where would I find the connector ID? I tried just putting in 'Azure SQL Database' in the connector ID parameter but I got a 204 code back.

 

Thanks