Managed Sentinel – Alert 200

Alert ID: MS-A200
Alert Name: Silent log source monitoring - Heartbeat
Description: This alert is triggered when Sentinel can no longer detect a heartbeat (in the last 1 hour) from an endpoint that has the Microsoft Monitoring Agent (MMA) installed.
Severity Level: Informational
Threat Indicator: System monitoring impact
MITRE ATT&CK Tactics: Execution
Log sources: Windows
False Positives: Windows server has been decommissioned (planned change)
Recommendations:
1. The customer needs to investigate on the Windows server whether the Microsoft Monitoring Agent is stopped or misconfigured.
2. Notify the MSSP provider to remove this server from the Azure Sentinel monitoring scope (applicable if the server has been decommissioned).