Need to be able to monitor silent log sources using Sentinel

Angela Marafino 0 Reputation points

We need to get the list of hosts that have not sent us logs in the last X hours. X would need to be somewhat configurable for certain hosts.

We also need to know when a log source has resumed sending logs so we can update on our side the case with the silent log source (to remove the non-silent ones).

And to have this feature, we need to be able to store data somewhere and run queries against the stored data.
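One way to express the two checks described in the question as a single scheduled KQL query, added here as an example and not code from the question, the answer or Microsoft. It assumes a hypothetical watchlist named ExpectedLogSources with columns Host and ThresholdHours (the per-host override for X), and that the hosts report into the Syslog table; the run interval and default threshold are constructed values.

```kql
// Added example: list expected log sources that are silent, and those that have just resumed.
// Assumptions (hypothetical): watchlist ExpectedLogSources with columns Host, ThresholdHours;
// sources land in Syslog (swap in SecurityEvent, CommonSecurityLog or Heartbeat as needed).
let runInterval = 1h;              // how often the analytics rule is scheduled to run
let defaultThresholdHours = 6;     // X for hosts without a per-host override in the watchlist
let lookback = 14d;                // must exceed the largest ThresholdHours in the watchlist
let expected = _GetWatchlist('ExpectedLogSources')
    | project Host = tolower(tostring(Host)), ThresholdHours = toint(ThresholdHours);
let observed = Syslog
    | where TimeGenerated > ago(lookback)
    | extend Host = tolower(Computer)
    | summarize
        LastSeen = max(TimeGenerated),
        // newest event that precedes the current run interval; the gap to LastSeen shows a resume
        PrevSeen = maxif(TimeGenerated, TimeGenerated <= ago(runInterval))
      by Host;
expected
| join kind=leftouter observed on Host     // leftouter keeps hosts that never sent anything
| extend ThresholdHours = coalesce(ThresholdHours, defaultThresholdHours)
| extend Threshold = ThresholdHours * 1h
| extend Status = case(
    isnull(LastSeen) or LastSeen < now() - Threshold, "Silent",
    LastSeen > ago(runInterval) and (isnull(PrevSeen) or LastSeen - PrevSeen > Threshold), "Resumed",
    "Healthy")
| where Status != "Healthy"
| project Host, Status, LastSeen, PrevSeen, ThresholdHours,
          SilentHours = iff(isnull(LastSeen), real(null), round((now() - LastSeen) / 1h, 1))
```

The query is stateless, so a host appears as Resumed only during the run interval in which it came back; to keep a durable record for updating cases, write each run's output to a custom table or watchlist, which is the stored data the question refers to.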


1 answer

  1. Givary-MSFT 19,781 Reputation points Microsoft Employee

    @Angela Marafino Thank you for reaching out to us. As I understand, you are looking to monitor silent log sources using Sentinel. While researching this, I came across this blog, which you have already visited/commented on.

    I also came across these links, which might be helpful.

    However, I will check more on this with my team and revert back.
