Sentinel Data Connector


Hi Team,

I have started using data connectors in Sentinel. I want to know: is there any way to log an alert/incident or notification when any of the active data connectors stops polling the logs for some reason?

1 Reply
@Pavan_Gelli

Please see https://techcommunity.microsoft.com/t5/Azure-Sentinel/list-of-reporting-sourcetypes/m-p/906926 for an example query (adjust the time window to suit, as 24hrs may be too long for your use case). You can add that as an Alert or use it from Azure Monitor Alerts.

Thanks Clive
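
One way to write the kind of check the reply describes, as an added example (it is not the query from the linked post and not code from either poster). The table names, the per-table silence thresholds and the 7-day lookback are assumptions to adjust for your workspace.

```kusto
// Added example: flag expected tables that have gone quiet.
// Assumed values: the tables listed, their MaxSilence thresholds, and the lookback.
let lookback = 7d;
let expected = datatable(TableName:string, MaxSilence:timespan) [
    "SecurityEvent", 1h,
    "Syslog",        1h,
    "SigninLogs",    4h
];
// Most recent record per table within the lookback window.
let lastSeen = union withsource=TableName *
    | where TimeGenerated > ago(lookback)
    | summarize LastRecord = max(TimeGenerated) by TableName;
// Start from the expected list so a table with no records at all in the
// lookback still produces a row (LastRecord is null) instead of vanishing.
expected
| join kind=leftouter lastSeen on TableName
| extend SilentFor = now() - LastRecord
| where isnull(LastRecord) or SilentFor > MaxSilence
| project TableName, MaxSilence, LastRecord, SilentFor
| order by TableName asc
```

Run as a scheduled alert that fires when the result count is greater than zero, each returned row is a table whose connector has not delivered data within its threshold. Per-table thresholds keep naturally sparse sources from raising false alarms.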