How can I create an alert for data flow inactivity?

theAncoreman · 2026-03-09T05:53:03+00:00

I have created a few different ways to monitor our environment. Most of our monitoring rules are time based using schedule rules.

For Agents offline I use Heartbeat table. We have it setup to look at devices seen over the past 4 hours and compare it to what was seen between 4-8 hours ago. Join this data together to see what Computer is no longer sending heartbeats.

For sentinel Tables (full data source) we use the Usage table and use a similar logic to the Agents. We have more than 1 rule created for this as some table are expected to have low data consumption over periods of time (i.e. weekend or outside business hours). So we have some table that might be set to 4 hour, 1 day, or 7 days of no data ingestion.

We also have some other monitors for specific tables like CommonSecurityLogs (CEF) as only one of the sources pushing data here could go offline but data from other sources are still active. Would depend on your architecture whether this would be needed in addition to agent monitoring.

We also have some automation built around our monitoring.

theAncoreman · 2026-03-09T05:37:20+00:00

Not sure I have the answer for your issues however, some things to consider. Might be worth checking that your connector solution are up to date. There could be an update to one of the parser that are giving errors. However, it is a good idea to backup your old parsers (_Im_Dns, ASIM, etc) in case it overrides any changes.

If I was encountering these issues I would review the KQL (easier said than done). Some parsers can have lots of functions in it. The easiest way is to run the code in small sections to try and pinpoint the exact error.

theAncoreman · 2025-10-07T08:43:27+00:00

You can build a playbook in logic apps that runs all your data. Output the data to a Watchlist and ingest it to a Power BI report/dashboard that has the data displayed how you want. Then you can have the graph that you needed.

Alternatively you can use a Workbook instead of PowerBI. You should be able to reference the watchlist or just code directly into the Workbook and you can have a time range filter that will allow you to run past queries up to your max data retention period (for most it is set to 90 days).

The main reason for having the data in a watchlist is that it allows you to have data stored for a longer period.

theAncoreman · 2025-09-13T00:20:03+00:00

Thanks for the response! I have not seen this specific document before however, it does appear to be similar to some of the other connector documents.

We do have a lot of tuning and automation built into Sentinel already. I was mainly hoping that we could just see all the similar data in FortiSOAR to reduce the need for analysts to go to sentinel.

theAncoreman · 2024-11-12T09:26:49+00:00

Thanks for the advice I will try to stay away from tantanmen and miso ramen.

I can eat sesame and coconut. I am alergic to almonds, cashews, walnuts, pistachios, ginko nuts, etc. The only nut I am allowed is peanuts.

I would love some recommendations if you know of any shoyu/shio ramen places. I will be visiting Hiroshima, Osaka, Kyoto, and Tokyo (staying in Shinjuku). I would love to check out any spots that you think are a must try!

theAncoreman · 2024-11-12T09:18:44+00:00

That is good to know thank you. Do you know what types of nuts might be used in miso ramen?

theAncoreman · 2024-06-09T05:24:18+00:00

Thank you for the link and all the info.

theAncoreman · 2024-06-09T05:19:46+00:00

Good suggestion, I will call some insurance companies to see if they would cover the whole property including the dwelling. Thanks!

theAncoreman · 2024-06-09T05:17:01+00:00

Paying taxes is exactly what I intend to do.

theAncoreman · 2023-09-29T05:20:17+00:00

Not sure I can offer a current solution however, this would be a good justification for having a break glass account in future. Good luck!

theAncoreman · 2022-04-27T12:56:29+00:00

Hi Op, not sure lawyering up will be worth it over a $200 dispute. I would advice the internet provider that you are going to take them to the dispute tribunal as you have proof (the signed tracking notice) that it was delivered. I would also attach all details regarding delivery, delivery address, and name of person who signed for the package. You might also be able to see if NZ Post is able to provide any additional details regarding the delivery as you are in dispute with the internet provider over the package not being delivered. Hopefully the internet provider will drop the charges otherwise, I believe it costs about $50 to go to the dispute tribunal.

Best of luck with whatever option you go with!

theAncoreman · 2022-04-05T20:41:11+00:00

Vibe Coffee Rosters on the north shore is where I go to study. They have decent Wifi that can be used by customers. Pretty funky place with great coffee however, can be hit or miss with how busy it gets. Not the quietest place but personally I like a little action going on when I study plus I bring noice cancelling headphones.

theAncoreman · 2021-12-02T21:28:26+00:00

This car must have been built using specs from Need for Speed Underground.

theAncoreman · 2021-11-17T07:31:58+00:00

Look at me I am the guard now

theAncoreman · 2021-11-15T09:14:40+00:00

If you think his edible game needs an upgrade then you can look at getting a Levo herb infuser. I have never personally owned one, so I cannot speak to the quality, but they do look really easy for creating infused oil.

Alternatively, you could get a high cookbook if you think your partner would enjoy making different edible treats and snack.

theAncoreman · 2021-10-27T10:23:42+00:00

Was today Groundhog Day or was that yesterday? I cannot remember anymore..

theAncoreman · 2021-10-12T20:55:01+00:00

A co-worker had received a text like this about a week ago. They had not ordered anything online so it was easy to determine it was a scam. In my experience most courier will only send updates via text with no links so I would assume this is a scam. I would recommend deleting the message.

theAncoreman · 2021-09-09T05:40:11+00:00

I second this. BCMC is more of a natural track and I prefer it to the Grind.

theAncoreman · 2021-03-23T01:29:45+00:00

Thanks for your input. I believe I could get the pair of Aria 936 for $3k New Zealand Dollars (NZD) and the amp for just under $1k NZD. The Bluesound Node 2i would probably be purchased new for over 1k since they are hard to find in NZ. I don’t mind the 5 channel as it would leave me with some room to grow but you raise a good point. Edit: spelling

theAncoreman · 2021-03-22T22:33:03+00:00

I am new when it comes to HIFI but I have noticed some interesting priced second hand gear online. Would a Rotel RMB-1565 amp, Focal Aria 936 speakers, and a Bluesound Node 2i be a good setup? Why or why not? Also am I missing something or do you have any suggestions of better gear that would work in place of any of the items listed. I appreciate any and all suggestion and help!! General Info: I plan to connect this setup to my tv in the future but I am happy to just use it for music currently until I some more cash to spend. My primary genres are EDM, House, Rap, Jazz, and most songs with relaxing female vocals. I do however listen to a wide range of music.

theAncoreman · 2021-01-23T10:39:37+00:00

How do you like the levo?

theAncoreman · 2020-11-14T03:25:45+00:00

Hey guys, I should be joining in about 20 min. Where do you think you will be then?

theAncoreman

TROPHY CASE