Hello everyone,
do you have any idea how to create some sort of alerting whenever the NTA server is physically down? by creating a custom alert or some kind of notification signaling…
Any idea is more than welcomed.
Thank you in advance!
Hi Dejan,
yes you can create an Inactivity Alert.
The steps to create this are, navigate to log search.
Select the Network Flow Logset
Select Add Alert → Inactivity Detection Alert
Then configure the Trigger Setting as required (10 minutes minimum)
If you have multiple network sensors, if any of the sensors stop sending data for 10 minutes (adjust accordingly) or more and then the alert will fire.
You can choose to Create an Investigation, or alternatively you can choose to send it to an Email, Slack, Pagerduty or Webhook, or even an ICON workflow.
David
Great!
Thanks David!
hey @david_smith as a follow-up question, how can we know when the sensor is up again without going into the portal? Can we create some form of (email) notification as well?