Microsoft Tech Community
SOLVED

How to get trigger when our app server was down


Hi Friends,

 

I have one VM. In that VM I hosted one application server. So in case my server was down, how do I get an alert in login app through Sentinel? Is it possible or not? If it is possible, how do I deploy it? What is the procedure and what are the prerequisites?

2 Replies
best response confirmed by GBushey (Microsoft)
Solution

@Siva_G 

 

There are examples in the Queries pane of Log Analytics. 


This one checks if a Server hasn't reported in in 5 mins (adjust as necessary). Add this to a Sentinel Scheduled Analytic rule: Create custom analytics rules to detect threats with Microsoft Sentinel | Microsoft Docs

Example:
Go to Log Analytics and run query


// Not reporting VMs 
// VMs that have not reported a heartbeat in the last 5 minutes. 
// To create an alert for this query, click '+ New alert rule'
Heartbeat 
| where TimeGenerated > ago(24h)
| summarize LastCall = max(TimeGenerated) by Computer, _ResourceId
| where LastCall < ago(5m)
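
The query above only returns computers that sent at least one heartbeat inside its 24-hour lookback, so a VM that has been silent for longer than that drops out of the results. The following variant is an added example, not part of the original reply: it starts from a list of the VMs you expect to see and flags any that are stale or missing entirely. The name `app-vm-01` is a placeholder and must be replaced with the value shown in the `Computer` column for your VM.

```kusto
// Added example (not from the original reply).
// Assumption: "app-vm-01" is a placeholder; use the exact value that
// Heartbeat.Computer shows for the VM (the join is case-sensitive and
// the column may hold a fully qualified name).
let expected = datatable(Computer:string) ["app-vm-01"];
let threshold = 5m;   // same 5-minute limit as the query above; adjust as necessary
expected
| join kind=leftouter (
    Heartbeat
    | where TimeGenerated > ago(24h)
    | summarize LastCall = max(TimeGenerated) by Computer
  ) on Computer
// Keep VMs with no heartbeat at all in the window, or whose last heartbeat is too old
| where isnull(LastCall) or LastCall < ago(threshold)
| extend Status = iff(isnull(LastCall),
                      "no heartbeat in lookback window",
                      "heartbeat stale")
| project Computer, LastCall, Status
```

Like the original query, this reports a VM whose monitoring agent has stopped sending heartbeats; it does not by itself show whether the application process inside a running VM is up.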

 

Thank you.