Forum Discussion
Sentinel data Connector Health Status -email notification
Hey guys, I have created a playbook for monitoring sentinel data connectors health and an email notification is setup if there is no logs received for any connector in last 48 hrs . It is fully ...
I forget to mention that status of datatype also need to be fetched. whether they are connected or not . So I would fetch status of the datatype in tabular form. Please guide me as I am new to information security and less knowledge about KQL although I am enriching my knowledge day by day.
CliveWatson
Microsoft
MicrosoftNot currently, for now, you could use a IIF to create you own status column, much like this example
| extend status_= iff(last_log <=48,"Connected","Not Connected, or no data sent in time period")
| extend status_= iff(last_log <=48,"Connected","Not Connected, or no data sent in time period")
