Feature Request: Alerts when logs ingestion is missing logs

Visitor

We would like to see MSDFE generating alerts when end clients have communication or connectivity issues where logs are not being ingested into the MSDFE portal.

Thanks,

sac

1 Reply
You can leverage an Advanced Hunting query in the MDE portal to create a custom detection alert when there is any connectivity issue. Sample query:

DeviceTvmSecureConfigurationAssessment
| where ConfigurationId in ('scid-2002')
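
An added hunting query, not part of the reply above, that narrows the suggested assessment to devices currently failing it and also lists devices with no recent DeviceInfo records. It assumes scid-2002 is the communications check the reply refers to; the one-day silence threshold and 30-day lookback are assumptions to tune.

```kusto
// Added example, not from the original thread.
// Assumed thresholds: adjust to your environment.
let silence = 1d;     // how long without telemetry counts as "missing"
let lookback = 30d;   // how far back to look for a device's last record
// Devices whose latest scid-2002 assessment is applicable and failing
let impaired =
    DeviceTvmSecureConfigurationAssessment
    | where ConfigurationId == "scid-2002"
    | summarize arg_max(Timestamp, IsApplicable, IsCompliant) by DeviceId
    | where IsApplicable == true and IsCompliant == false
    | project DeviceId, ImpairedComms = true;
// Latest telemetry record per device, flagged if silent or impaired
DeviceInfo
| where Timestamp > ago(lookback)
| summarize arg_max(Timestamp, DeviceName, OSPlatform, ReportId) by DeviceId
| join kind=leftouter impaired on DeviceId
| extend ImpairedComms = coalesce(ImpairedComms, false)
| where Timestamp < ago(silence) or ImpairedComms
| project Timestamp, DeviceId, ReportId, DeviceName, OSPlatform,
          ImpairedComms, SilentFor = now() - Timestamp
| order by SilentFor desc
```

A device that has been silent for longer than the lookback window has no DeviceInfo rows in range and will not appear in the result.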