Forum Discussion
cyberHardik
May 31, 2021 · Copper Contributor
Sentinel Data Connector Health Status - email notification
Hey guys, I have created a playbook for monitoring Sentinel data connector health, and an email notification is set up if there are no logs received for any connector in the last 48 hrs. It is fully ...
CliveWatson
Microsoft
The Usage table is designed for questions like this. I suspect you are using "union *", and it won't guarantee in the query that each type/row maps to a solution, hence the missing solution field.
Usage
| summarize make_set(DataType), dcount(DataType) by Solution
cyberHardik
Jun 11, 2021 · Copper Contributor
You got me @Clive Watson
Absolutely bang on, genius!
Yup, I am using union *. Thanks a lot for your help. All sorted now except one thing: logs are pulled over a given time frame, so if there are no logs in that time frame, the data type will not be present in the projected table and all the hard work will go in vain. What do you suggest in that case?
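Added example, not part of the thread and not any participant's code: one way to surface a data type that has gone quiet is to query the Usage table over a lookback longer than the alert threshold and compare each type's last record with that threshold. The 14-day lookback and the names `lookback`, `threshold`, `LastSeen`, `Solutions` and `HoursSilent` are assumptions chosen for illustration; the 48-hour threshold is the one from the original post.

```kusto
// Assumption: 14 days is long enough that every connector of interest
// has reported at least once. A data type silent for longer than the
// lookback still drops out of the result, so size it accordingly.
let lookback = 14d;
// Threshold from the original post: alert when nothing arrived in 48 hours.
let threshold = 48h;
Usage
| where TimeGenerated > ago(lookback)
// One row per data type: when it last reported and which solution(s) own it.
| summarize LastSeen = max(TimeGenerated), Solutions = make_set(Solution) by DataType
// Keep only the types whose most recent record is older than the threshold.
| where LastSeen < ago(threshold)
| extend HoursSilent = datetime_diff('hour', now(), LastSeen)
| project DataType, Solutions, LastSeen, HoursSilent
| order by HoursSilent desc
```

An empty result means every data type seen during the lookback has reported within the threshold, so a playbook can alert whenever the row count is greater than zero.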