hisashin0728 / DetectFailedStatusSentinelHealthTable

Failure alerts of Microsoft Sentinel Health Table


DetectFailedStatusSentinelHealthTable

Failure alerts of Microsoft Sentinel Health Table

This rule detects "Failure" situations in the Microsoft Sentinel Health Table (SentinelHealth). The alert covers health issues of data connectors, automation rules, playbooks and analytics rules. Table reference: https://learn.microsoft.com/en-us/azure/sentinel/health-table-reference

Install

Import the JSON file into Microsoft Sentinel as an analytics rule.

Alerts

Current settings are as follows:

Alert Settings
Alert Name: {{SentinelResourceType}} failed about {{SentinelResourceName}}
Alert Description: {{Description}}, Reason code is {{Reason}}.

Example

Alert Sample
Alert Name: Data connector failed about Office365-Exchange
Alert Description: Data fetch failed (Tenant does not exist in the O365 Management API.), Reason code is SC20011.

Current Scheduled KQL Query

```kusto
SentinelHealth
| where Status == "Failure"
| project TimeGenerated, OperationName, Status, SentinelResourceId, SentinelResourceName, Description, Reason, SentinelResourceType, SentinelResourceKind
```
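The query above raises one alert per failure record, so a connector that fails every poll produces a burst of identical alerts. The following is an added example, not the repository's rule, showing a noise-reduced variant: it alerts only on resources that failed at least `minFailures` times in the lookback window and whose most recent health record is still "Failure" (a resource that has already recovered is dropped), and it builds the same alert title and description text in the result columns. The `lookback` and `minFailures` values are assumptions to tune.

```kusto
// Added example: deduplicated failure detection over SentinelHealth.
// lookback and minFailures are assumed tuning values, not part of the original rule.
let lookback = 1h;
let minFailures = 2;
SentinelHealth
| where TimeGenerated > ago(lookback)
| summarize LatestRecord = max(TimeGenerated),                        // newest record of any status
            LastFailure  = maxif(TimeGenerated, Status == "Failure"),
            FirstFailure = minif(TimeGenerated, Status == "Failure"),
            FailureCount = countif(Status == "Failure"),
            Reasons      = make_set_if(Reason, Status == "Failure"),
            Descriptions = make_set_if(Description, Status == "Failure")
    by SentinelResourceId, SentinelResourceName, SentinelResourceType, SentinelResourceKind
// Only resources that failed repeatedly...
| where FailureCount >= minFailures
// ...and that have not reported a later non-failure record (still broken right now).
| where LastFailure == LatestRecord
// Same wording as the repository's alert template, built as columns.
| extend AlertName = strcat(SentinelResourceType, " failed about ", SentinelResourceName),
         AlertDescription = strcat(strcat_array(Descriptions, "; "),
                                   ", Reason code is ", strcat_array(Reasons, "/"), ".")
| project TimeGenerated = LastFailure, AlertName, AlertDescription, FailureCount,
          FirstFailure, SentinelResourceId, SentinelResourceType, SentinelResourceKind
| order by TimeGenerated desc
```

When this variant is used as the scheduled rule, the alert template would reference {{AlertName}} and {{AlertDescription}} instead of the individual columns.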
