Alert to get notified if an external connected device become unreachable.

%3CLINGO-SUB%20id%3D%22lingo-sub-2003679%22%20slang%3D%22en-US%22%3EAlert%20to%20get%20notified%20if%20an%20external%20connected%20device%20become%20unreachable.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2003679%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Guys%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20would%20like%20to%20setup%20an%20alert%20to%20get%20notified%20if%20an%20external%20connected%20device%20(E.g.%20Cisco%20ASA)%20loose%20connection%20with%20RSyslog%2FSentinel.%20I%20wonder%20what%20field%20in%20the%20table%20I%20can%20pull%20with%20the%20logic%20and%20would%20be%20great%20if%20some%20one%20can%20share%20a%20sample%20KQL%20query..%20thanks%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2005104%22%20slang%3D%22en-US%22%3ERe%3A%20Alert%20to%20get%20notified%20if%20an%20external%20connected%20device%20become%20unreachable.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2005104%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F817217%22%20target%3D%22_blank%22%3E%40gsingh_microsoft%3C%2FA%3E%26nbsp%3BTake%20a%20look%20at%20this%20blog%20post%20as%20a%20good%20starting%20point%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fdata-connector-health-push-notification-alerts%2Fba-p%2F1996442%22%20target%3D%22_blank%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fdata-connector-health-push-notification-alerts%2Fba-p%2F1996442%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
New Contributor

Hi Guys

 

I would like to setup an alert to get notified if an external connected device (E.g. Cisco ASA) loose connection with RSyslog/Sentinel. I wonder what field in the table I can pull with the logic and would be great if some one can share a sample KQL query.. thanks

 

1 Reply