
Sentinel Data Connector

Pavan_Gelli
New Contributor

Hi Team,

I have started using data connectors in Sentinel. I want to know, is there any way to log an alert/incident or notification when any of the active data connectors stops polling the logs for some reason?

1 Reply

@Pavan_Gelli

Please see https://techcommunity.microsoft.com/t5/Azure-Sentinel/list-of-reporting-sourcetypes/m-p/906926 for an example query (adjust the time window to suit, as 24hrs may be too long for your use case). You can add that as an Alert or use it from Azure Monitor Alerts.

Thanks Clive
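
One way to express the check discussed in this thread, as an added example that is not part of the reply above and is not the query from the linked thread. The table names and silence thresholds in `expected` are assumptions to replace with the tables your own connectors write to.

```kusto
// Constructed example: the table names and thresholds below are assumptions.
// Usage is aggregated hourly and arrives with some delay, so thresholds
// shorter than a few hours will produce false positives.
let lookback = 7d;   // how far back to search for the last report
let expected = datatable(DataType: string, MaxSilence: timespan)
[
    "SecurityEvent",  3h,
    "Syslog",         3h,
    "SigninLogs",     6h,
    "OfficeActivity", 24h
];
expected
// leftouter keeps expected tables that have no rows at all in the lookback,
// which a plain "summarize max(TimeGenerated)" would silently drop
| join kind=leftouter (
    Usage
    | where TimeGenerated > ago(lookback)
    | summarize LastReported = max(TimeGenerated) by DataType
  ) on DataType
| extend SilentFor = now() - LastReported
| where isnull(LastReported) or SilentFor > MaxSilence
| project DataType, LastReported, SilentFor, MaxSilence
| order by SilentFor desc nulls first
```

Saved as a scheduled alert that fires when the result count is greater than zero, each returned row is a table that has gone quiet for longer than its own threshold.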
