May 17 2021
07:50 AM
- last edited on
Apr 08 2022
10:47 AM
by
TechCommunityAP
May 17 2021
07:50 AM
- last edited on
Apr 08 2022
10:47 AM
by
TechCommunityAP
Hi,
I need to setup the alert rule for specific VMProcess is stopped.
Earlier , we used set the query using ConfigurationChange Table .
ConfigurationChange
| where ConfigChangeType == "WindowsServices" and SvcState == "Stopped"
| sort by TimeGenerated desc
| where Computer == "PRODWIN1234"
| where SvcDisplayName == "WMI Performance Adapter"
May 25 2021 07:13 AM