Hello, I've noticed through my dashboard that some windows assets (domain controllers) stopped sending logs to secops?
What is the best way to get notified in this case without using dashboards ?
This can be done on GCP and create alerting based on hostname ?
Thanks.
Host stopped sending events - Monitoring
- Silver 2
+2- Bronze 2
If you are using Bindplane to gather those logs, follow the silent host monitoring documentation documentation: https://www.googlecloudcommunity.com/gc/News-Announcements/Alerting-on-Sources-Going-Silent-with-Google-SecOps-Silent-Host/m-p/887846?nobounce
+10Hi @Rached1996 we offer Cloud Monitoring for SecOps SIEM ingestion. You can create an alert on a filter such as the data namespace, collector ID or ingestion label.
https://cloud.google.com/chronicle/docs/ingestion/ingestion-notifications-for-health-metrics
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.