Managed Sentinel – Alert 202
| Alert ID | MS-A202 |
| Alert Name | Silent log source monitoring - Windows Security |
| Description | This alert is triggered when Sentinel can no longer detect Security Event log entries from a Windows log source (in the last 1 hour). |
| Severity Level | Informational |
| Threat Indicator | System monitoring impact |
| MITRE ATT&CK Tactics | Execution |
| Log sources | Windows |
| False Positives | Windows server has been decommissioned (planned change) |
| Recommendations | 1. The customer needs to investigate on the Windows server whether the Microsoft Monitoring Agent is stopped or misconfigured. 2. Notify the MSSP provider to remove this server from the Azure Sentinel monitoring scope (applicable if the server has been decommissioned). |
