// Watchdog query for the Vaikora ingestion feed: returns exactly one row when
// nothing landed in Vaikora_SecurityAlerts_CL during the last 12 hours, and
// zero rows otherwise. The rule's trigger therefore has to fire on "at least
// one result" for this query to signal an outage.
Vaikora_SecurityAlerts_CL
| where TimeGenerated >= ago(12h)
// summarize without a by-key yields a single row (Count = 0) even on empty input
| summarize Count = count()
// keep that single row only in the outage case
| where Count == 0
| extend
Alert = "No Vaikora data ingested in the last 12 hours",
Suggestion = "Check the VaikoraToAzureSecurityCenter Logic App run history and verify the Vaikora API key is valid."
| project Alert, Suggestion
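# Microsoft Sentinel scheduled analytics rule that watches the Vaikora ingestion
# feed itself rather than its contents.
#
# The query below emits exactly one row when Vaikora_SecurityAlerts_CL received
# nothing in the look-back window and zero rows otherwise, so the rule must fire
# on "at least one result" (gt 0). The original lt / 1 pair was inverted for
# this query: it raised an alert while the feed was healthy and stayed silent
# during an actual outage.
id: 5f7789fa-0a6b-4dff-a2da-dfa4b682f3af
name: Vaikora - Feed outage detection
description: |
  Identifies when no Vaikora data has arrived in the Vaikora_SecurityAlerts_CL table for 12 or more hours, which may indicate a failed playbook, expired API key, or connectivity issue.
severity: Low
status: Available
kind: Scheduled
version: 1.0.0
requiredDataConnectors:
  - connectorId: VaikoraSecurityCenter
    dataTypes:
      - Vaikora_SecurityAlerts_CL
# Schedule and look-back are both 12h, so consecutive runs cover adjacent,
# non-overlapping windows; one empty window raises one alert.
queryFrequency: 12h
queryPeriod: 12h
# Fire when the query returns its single "no data" row.
triggerOperator: gt
triggerThreshold: 0
# Operational health rule, not an attacker technique; intentionally untagged.
tactics: []
relevantTechniques: []
query: |
  Vaikora_SecurityAlerts_CL
  | where TimeGenerated >= ago(12h)
  // summarize without a by-key returns one row (Count = 0) even on empty input
  | summarize Count = count()
  // keep that row only in the outage case; a healthy feed yields zero rows
  | where Count == 0
  | extend
      Alert = "No Vaikora data ingested in the last 12 hours",
      Suggestion = "Check the VaikoraToAzureSecurityCenter Logic App run history and verify the Vaikora API key is valid."
  | project Alert, Suggestion
alertDetailsOverride:
  alertDisplayNameFormat: Vaikora Feed Outage - No data ingested in 12 hours
  alertDescriptionFormat: The Vaikora_SecurityAlerts_CL table has received no records in the last 12 hours. Check the Logic App playbook and API connectivity.
# Provenance only; quoted because the path contains spaces.
OriginalUri: 'https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Vaikora-AzureSecurityCenter/Analytic Rules/Vaikora - Feed Outage Detection.yaml'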