Failure alerts from the Microsoft Sentinel Health table
This rule detects "Failure" records in the Microsoft Sentinel Health table (SentinelHealth). It raises alerts for issues with data connectors, automation rules, playbooks and analytics rules. Column reference: https://learn.microsoft.com/en-us/azure/sentinel/health-table-reference
Import the JSON rule file into Microsoft Sentinel.
The current settings are as follows:
| Alert | Settings |
|---|---|
| Alert Name | {{SentinelResourceType}} failed about {{SentinelResourceName}} |
| Alert Description | {{Description}}, Reason code is {{Reason}}. |
| Alert | Sample |
|---|---|
| Alert Name | Data connector failed about Office365-Exchange |
| Alert Description | Data fetch failed (Tenant does not exist in the O365 Management API.) , Reason code is SC20011 . |
Rule query:

```kusto
// Select every health record whose status is "Failure" and keep the
// columns used by the alert name and description templates above.
SentinelHealth
| where Status == "Failure"
| project TimeGenerated, OperationName, Status, SentinelResourceId, SentinelResourceName, Description, Reason, SentinelResourceType, SentinelResourceKind
```
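The rule above fires for every failure record, so a connector that fails once and recovers within the same run still produces an alert. The following query is an added example, not part of this repository's rule; it alerts only on resources whose most recent health record in the window is still a Failure, and reports how many failures occurred. The 1h lookback is an assumption and should match the rule's scheduled frequency.

```kusto
// Added example (not the repository's rule). Assumes the rule runs hourly,
// so the lookback matches the schedule and no record is evaluated twice.
let lookback = 1h;
// All failure records in the window, counted per resource.
let failureCounts =
    SentinelHealth
    | where TimeGenerated > ago(lookback)
    | where Status == "Failure"
    | summarize FailureCount = count(), FirstFailure = min(TimeGenerated) by SentinelResourceId;
// Latest health record per resource; keep only resources still failing.
SentinelHealth
| where TimeGenerated > ago(lookback)
| summarize arg_max(TimeGenerated, *) by SentinelResourceId
| where Status == "Failure"
| join kind=inner failureCounts on SentinelResourceId
| project TimeGenerated, FirstFailure, FailureCount, OperationName, Status,
          SentinelResourceId, SentinelResourceName, SentinelResourceType,
          SentinelResourceKind, Description, Reason, ExtendedProperties
| order by FailureCount desc
```

ExtendedProperties is a dynamic column of the SentinelHealth table and carries connector-specific detail that is useful when triaging the alert.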