This alert is triggered when Sentinel can no longer detect log entries from a log source that sends its logs in CEF format to CommonSecurityLog (in the last 1 hour).
System monitoring impact
MITRE ATT&CK Tactics
Remote device has been decommissioned (planned change)
1. Customer needs to investigate the remote device to understand whether any changes have been completed (e.g. service stopped or misconfigured)
2. Notify MSSP provider to remove this device from Azure Sentinel monitoring scope (applicable if server has been decommissioned)
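
One way to express the detection described above as a KQL query over CommonSecurityLog. This is an added example, not the rule shipped with this alert. The 7-day baseline, the activity threshold, the grouping keys and the exclusion list with its placeholder host name are assumptions to adjust per environment.

```kusto
// Added example: CEF sources seen during the baseline window that have sent
// nothing to CommonSecurityLog in the last hour.
let baseline = 7d;          // assumption: a source must have logged within this window to be "known"
let silence = 1h;           // silence window from the alert description
let minActiveHours = 24;    // assumption: ignore sources that only log sporadically
// Assumption: devices removed from monitoring scope after a planned decommission.
// Placeholder value, replace with real host names.
let decommissioned = dynamic(["example-decommissioned-host"]);
CommonSecurityLog
| where TimeGenerated > ago(baseline)
| where Computer !in (decommissioned)
| summarize LastLog = max(TimeGenerated),
            Events = count(),
            ActiveHours = dcount(bin(TimeGenerated, 1h))
          by DeviceVendor, DeviceProduct, Computer
// The source was active during the baseline but has been quiet for the last hour
| where LastLog < ago(silence)
// Drop sources that are normally quiet, to avoid alerting on expected gaps
| where ActiveHours >= minActiveHours
| extend SilentFor = now() - LastLog
| project DeviceVendor, DeviceProduct, Computer, LastLog, SilentFor, Events, ActiveHours
| order by SilentFor desc
```

If the sending device is identified by DeviceName rather than Computer in your workspace, group and exclude on that column instead.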