История

DixitVedanshi c78e5a3a0d Updating sentinel cost anomaly alert		2023-07-18 15:55:13 +05:30
..
images	Reuploaded images	2021-06-22 20:38:52 +03:00
02-parameters.png	Add files via upload	2021-08-17 03:44:50 +03:00
azuredeploy.json	Updating sentinel cost anomaly alert	2023-07-18 15:55:13 +05:30
readme.md	fixed Azure Deploy link	2022-05-12 09:44:38 +01:00

readme.md

Ingestion Anomaly Alert Playbook

This playbook sends you an alert should there be an ingestion spike into your workspace. The playbook uses the series_decompose_anomalies KQL function to determine anomalous ingestion.

Deployment steps

Scroll to the bottom of this document and click the "Deploy to Azure" button

Fill in the parameters, changing the default values as required for your environment

Select your newly deployed app from the resource group

Click on edit to make the connections to Log Analytics and Office 365

Defince the frequency the playbook should execute. Default is daily so you get alerted at the earliest sign of an ingestion anomaly

Make the connections to your Log Analytics workspace using an account with the appropriate permissions. Do the same for Office 365.

Save the app

Enable the app

For more information on the anomaly function read this this document