// Feed-outage check for the Vaikora custom log table.
// Output contract: exactly ONE row when nothing landed in the window, NO rows
// otherwise. `count` on an empty input still returns a single row with
// Count == 0, which the `where Count == 0` filter keeps. Any rule wrapping
// this query therefore has to fire on "at least one result", not on "no results".
Vaikora_SecurityAlerts_CL
| where TimeGenerated >= ago(12h)   // look-back window; keep in step with the rule's queryPeriod
| count                             // single row: Count = rows in the window (0 when the feed was silent)
| where Count == 0                  // survive only when no records arrived
| project
    Alert = "No Vaikora data ingested in the last 12 hours",
    Suggestion = "Check the VaikoraToAzureSecurityCenter Logic App run history and verify the Vaikora API key is valid."
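id: 5f7789fa-0a6b-4dff-a2da-dfa4b682f3af
name: Vaikora - Feed outage detection
description: |
  Identifies when no Vaikora data has arrived in the Vaikora_SecurityAlerts_CL table for 12 or more hours, which may indicate a failed playbook, expired API key, or connectivity issue.
severity: Low
status: Available
kind: Scheduled
# Bumped because the trigger condition below changed; Sentinel only re-applies a
# content template when its version moves.
version: 1.0.1
requiredDataConnectors:
  - connectorId: VaikoraSecurityCenter
    dataTypes:
      - Vaikora_SecurityAlerts_CL
# The ago(12h) look-back inside the query must stay in step with queryPeriod.
queryFrequency: 12h
queryPeriod: 12h
# The query emits exactly ONE row when the table was silent for the whole window and
# NO rows when any data arrived: `summarize count()` on an empty input still returns a
# single row with Count == 0, which `where Count == 0` keeps. The rule must therefore
# fire when the query returns at least one row. The previous setting (lt 1) fired on an
# EMPTY result set, i.e. whenever the feed was healthy, and stayed silent during a real
# outage.
triggerOperator: gt
triggerThreshold: 0
tactics: []
relevantTechniques: []
# NOTE(review): if Vaikora_SecurityAlerts_CL has never been created (no ingestion at
# all yet), the query is expected to fail with an unknown-table error rather than
# return Count == 0 — that shows up as a rule-health failure, not as an alert. Verify
# against rule health on a fresh deployment.
query: |
  Vaikora_SecurityAlerts_CL
  | where TimeGenerated >= ago(12h)
  | summarize Count = count()
  | where Count == 0
  | extend
      Alert = "No Vaikora data ingested in the last 12 hours",
      Suggestion = "Check the VaikoraToAzureSecurityCenter Logic App run history and verify the Vaikora API key is valid."
  | project Alert, Suggestion
alertDetailsOverride:
  alertDisplayNameFormat: Vaikora Feed Outage - No data ingested in 12 hours
  alertDescriptionFormat: The Vaikora_SecurityAlerts_CL table has received no records in the last 12 hours. Check the Logic App playbook and API connectivity.
OriginalUri: 'https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Vaikora-AzureSecurityCenter/Analytic Rules/Vaikora - Feed Outage Detection.yaml'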