// Feed-outage probe: emits a single advisory row when Vaikora_SecurityAlerts_CL
// received nothing in the last 12 hours, and no rows at all when data is flowing.
Vaikora_SecurityAlerts_CL
// Detection window; the rule's queryPeriod is expected to match this lookback.
| where TimeGenerated >= ago(12h)
| summarize Count = count()
// Relies on summarize (no by-clause) producing one row with Count = 0 on an empty
// input; that row survives only during an outage, so the result set size is 1 or 0.
| where Count == 0
| extend
Alert = "No Vaikora data ingested in the last 12 hours",
Suggestion = "Check the VaikoraToAzureSecurityCenter Logic App run history and verify the Vaikora API key is valid."
| project Alert, Suggestion
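# Microsoft Sentinel scheduled analytics rule: raises a Low-severity alert when the
# Vaikora feed goes silent, i.e. no records land in Vaikora_SecurityAlerts_CL for 12 hours.
id: 5f7789fa-0a6b-4dff-a2da-dfa4b682f3af
name: Vaikora - Feed outage detection
description: |
  Identifies when no Vaikora data has arrived in the Vaikora_SecurityAlerts_CL table for 12 or more hours, which may indicate a failed playbook, expired API key, or connectivity issue.
severity: Low
status: Available
kind: Scheduled
requiredDataConnectors:
  - connectorId: VaikoraSecurityCenter
    dataTypes:
      - Vaikora_SecurityAlerts_CL
# Run every 12 hours over a 12-hour lookback so consecutive windows cover the table
# without gaps; both values match the ago(12h) filter inside the query.
queryFrequency: 12h
queryPeriod: 12h
# The query returns exactly one row when nothing was ingested in the window and zero
# rows otherwise, so the rule must fire when the result count is greater than zero.
# An `lt 1` trigger would invert the detection: it fires on the healthy (zero-row)
# case and stays silent during a real outage.
triggerOperator: gt
triggerThreshold: 0
tactics: []
relevantTechniques: []
query: |
  Vaikora_SecurityAlerts_CL
  | where TimeGenerated >= ago(12h)
  | summarize Count = count()
  | where Count == 0
  | extend
      Alert = "No Vaikora data ingested in the last 12 hours",
      Suggestion = "Check the VaikoraToAzureSecurityCenter Logic App run history and verify the Vaikora API key is valid."
  | project Alert, Suggestion
# Static alert text; the Alert/Suggestion columns carry the same guidance in the result row.
alertDetailsOverride:
  alertDisplayNameFormat: Vaikora Feed Outage - No data ingested in 12 hours
  alertDescriptionFormat: The Vaikora_SecurityAlerts_CL table has received no records in the last 12 hours. Check the Logic App playbook and API connectivity.
version: 1.0.0
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Vaikora-AzureSecurityCenter/Analytic Rules/Vaikora - Feed Outage Detection.yaml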