Tags: Kusto Query Language, Microsoft Sentinel, SECURE

List Data Connector Failures In The Last Three Days

Description

This KQL query takes the most recent 'Data fetch status change' event per data connector from the last three days and returns only the connectors whose latest recorded status is Failure, i.e. connectors that are currently failing rather than ones that failed and have since recovered. It reads the SentinelHealth table, which is only populated when health monitoring is enabled in the Microsoft Sentinel settings and only for connectors that emit health events.

Risk

A failing data connector stops ingesting its data source, so analytics rules that depend on that source will not fire and detection coverage silently degrades until someone notices the gap. Because the query reports only connectors whose latest status is still Failure, a connector that failed and recovered inside the window is not listed; check ingestion volume separately if transient gaps also matter to you.

Query

SentinelHealth
| where TimeGenerated > ago(3d)                        // look back three days
| where OperationName == 'Data fetch status change'    // only connector fetch health events
| where Status in ('Success', 'Failure')               // keep the two tracked outcomes before picking the latest event
| summarize TimeGenerated = arg_max(TimeGenerated,*) by SentinelResourceName, SentinelResourceId   // latest event per connector
| where Status == 'Failure'                            // connectors whose latest status is still a failure
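To make the selection semantics of the query concrete, the following is an added example (not code from the original page or from Microsoft) that re-implements the same pipeline in plain Python over constructed sample rows. The column names mirror the real SentinelHealth table; the connector names, resource IDs, the 'Unknown' status and the 'Data connector created' operation name are assumptions made for the sample and not real telemetry. It shows why the Status filter sits before the summarize and the Failure filter after it: a connector that failed and then recovered is dropped, while a connector whose failure is followed only by an untracked status is still reported.

```python
"""Offline re-implementation of the 'connectors with failures in the last 3 days'
SentinelHealth query (added example, not the page's or Microsoft's code)."""
from datetime import datetime, timedelta, timezone

# Fixed "now" so the example is reproducible; ago(3d) is evaluated against it.
NOW = datetime(2024, 6, 1, 12, 0, tzinfo=timezone.utc)
FETCH_OP = "Data fetch status change"


def row(name, rid, status, age, op=FETCH_OP):
    """Build one constructed SentinelHealth-shaped record 'age' before NOW."""
    return {"TimeGenerated": NOW - age, "OperationName": op, "Status": status,
            "SentinelResourceName": name, "SentinelResourceId": rid}


# Constructed sample rows (assumed names and IDs, not real telemetry).
SAMPLE_ROWS = [
    # Office365: failed two days ago, then recovered -> must NOT be reported
    row("Office365", "/dc/o365", "Failure", timedelta(days=2)),
    row("Office365", "/dc/o365", "Success", timedelta(days=1)),
    # AzureActiveDirectory: healthy yesterday, failing an hour ago -> reported
    row("AzureActiveDirectory", "/dc/aad", "Success", timedelta(days=1)),
    row("AzureActiveDirectory", "/dc/aad", "Failure", timedelta(hours=1)),
    # SecurityEvents: only failure is older than 3 days -> outside window, not reported
    row("SecurityEvents", "/dc/secevt", "Failure", timedelta(days=5)),
    # ThreatIntelligence: Failure on a different operation name -> ignored
    row("ThreatIntelligence", "/dc/ti", "Failure", timedelta(hours=2),
        op="Data connector created"),  # assumed operation name, not from the page
    # CEF: Failure, then an untracked status -> untracked row is dropped before
    # arg_max, so the older Failure is still the latest tracked event -> reported
    row("CEF", "/dc/cef", "Failure", timedelta(days=2)),
    row("CEF", "/dc/cef", "Unknown", timedelta(days=1)),  # assumed status value
]


def failing_connectors(rows, now=NOW, window=timedelta(days=3)):
    """Return {(name, id): latest_row} for connectors whose most recent tracked
    status change inside the window is a Failure: the rows the KQL query emits."""
    cutoff = now - window
    latest = {}
    for r in rows:
        if not r["TimeGenerated"] > cutoff:            # | where TimeGenerated > ago(3d)
            continue
        if r["OperationName"] != FETCH_OP:              # | where OperationName == '...'
            continue
        if r["Status"] not in ("Success", "Failure"):   # | where Status in (...)
            continue
        key = (r["SentinelResourceName"], r["SentinelResourceId"])
        # | summarize arg_max(TimeGenerated, *) by SentinelResourceName, SentinelResourceId
        if key not in latest or r["TimeGenerated"] > latest[key]["TimeGenerated"]:
            latest[key] = r
    # | where Status == 'Failure'
    return {k: v for k, v in latest.items() if v["Status"] == "Failure"}


def failing_connector_names(rows, now=NOW, window=timedelta(days=3)):
    """Sorted connector names currently failing, for easy inspection."""
    return sorted(name for (name, _rid) in failing_connectors(rows, now, window))


if __name__ == "__main__":
    for (name, rid), r in sorted(failing_connectors(SAMPLE_ROWS).items()):
        print(f"{name:<22} {rid:<12} last status change {r['TimeGenerated'].isoformat()}")
```

Run stand-alone it lists AzureActiveDirectory and CEF only. The CEF case is the one worth remembering when you tune this query: adding further Status values to the `in` filter changes which connectors count as recovered.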

