Ingestion monitoring for Data sources

Owned by Deepanshu Marwah
18 June 2024
2 min read

Introduction

To ensure complete and uninterrupted data ingestion in your Microsoft Sentinel service, keep track of your data connectors' health, connectivity, and performance.

Azure-Sentinel-Ingestion-Monitoring features allow you to perform this monitoring from within Microsoft Sentinel.

Armor workbook: Azure-Sentinel-Ingestion-Monitoring

image-20240618-154650.png

 This workbook provides additional monitors, detects anomalies, and gives insight regarding the workspace’s data ingestion status. You can use the workbook’s logic to monitor the general health of the ingested data, and to build custom views

How to use the workbook

  1. From the Microsoft Sentinel portal, select Workbooks from the Threat management section of the navigation menu.

  2. Select My workbooks to use the workbook as is and click on

Azure-Sentinel-Ingestion-Monitoring workbook and click on View saved workbook.

image-20240618-154826.png

  1. Once in the workbook, first select the subscription and workspace you wish to view, then define the TimeRange to filter the data according to your needs. Use the Show help toggle to display in-place explanation of the workbook.

 

  1. You can view all kinds of metrics in the workbook like avg ingestion per day in last 7 days(based on selected time range) or ingestion in different tables.

Contact support for more information

For any further queries regarding data ingestion raise a request at https://support.armor.com

Additional References

Monitor the health of your Microsoft Sentinel data connectors | Microsoft Learn