Sep 16 2022 12:22 AM
Hi Friends,
I have one VM. In that VM I hosted one application server. So in case my server is down, how do I get an alert in the login app through Sentinel? Is it possible or not? If it is possible, how do I deploy it? What is the procedure and what are the prerequisites?
Sep 16 2022 02:37 AM
Solution
There are examples in the Queries pane of Log Analytics.
This one checks if a server hasn't reported in in 5 minutes (adjust as necessary). Add this to a Sentinel Scheduled Analytic rule; see "Create custom analytics rules to detect threats with Microsoft Sentinel | Microsoft Docs".
Example:
Go to Log Analytics and run the query:
// Not reporting VMs
// VMs that have not reported a heartbeat in the last 5 minutes.
// To create an alert for this query, click '+ New alert rule'
Heartbeat
| where TimeGenerated > ago(24h)
| summarize LastCall = max(TimeGenerated) by Computer, _ResourceId
| where LastCall < ago(5m)
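
Added example, not part of the original answer: the same query run over constructed heartbeat rows, so its behaviour can be checked in Log Analytics before it goes into a scheduled rule. The computer names, resource IDs, the Age helper column and the SilentFor column are assumptions made for illustration.

```kusto
// Constructed sample rows standing in for the Heartbeat table.
// Age is a helper column: how long ago each heartbeat was sent.
let SampleHeartbeat = datatable(Computer:string, _ResourceId:string, Age:timespan)
[
    // Healthy VM: heartbeats within the last few minutes
    "app-vm-01", "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg-demo/providers/microsoft.compute/virtualmachines/app-vm-01", 1m,
    "app-vm-01", "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg-demo/providers/microsoft.compute/virtualmachines/app-vm-01", 2m,
    // VM that stopped reporting 12 minutes ago
    "app-vm-02", "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg-demo/providers/microsoft.compute/virtualmachines/app-vm-02", 12m,
    "app-vm-02", "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg-demo/providers/microsoft.compute/virtualmachines/app-vm-02", 13m,
    // VM whose last heartbeat is older than the 24h lookback
    "app-vm-03", "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg-demo/providers/microsoft.compute/virtualmachines/app-vm-03", 26h
]
| extend TimeGenerated = now() - Age
| project TimeGenerated, Computer, _ResourceId;
// Same logic as the query above, pointed at the sample rows
SampleHeartbeat
| where TimeGenerated > ago(24h)                                    // lookback window
| summarize LastCall = max(TimeGenerated) by Computer, _ResourceId  // newest heartbeat per VM
| where LastCall < ago(5m)                                          // silent for more than 5 minutes
| extend SilentFor = now() - LastCall                               // how long the VM has been quiet
```

Only app-vm-02 comes back: app-vm-01 is still reporting, and app-vm-03 has no rows left after the 24h filter, so a VM that stays down longer than the lookback window stops appearing in the results. Size the lookback in the query and in the rule to cover the longest outage you still want flagged.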