If we could get some kind of alert if one of the log sources stopped providing logs to the SIEM, that would be really cool. DNS Filter had an error, and we lost like two weeks of logs before anyone noticed.
Chris
Agree this is a needed function. Otherwise, are you to check daily that all collectors are reporting? Seems like it could just monitor if there has been a lack of activity on a collector to send an alert.
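
One way to implement the check requested in this thread, as an added example that is not part of either post or of any SIEM product's code: track the newest event per log source and flag every expected source that has been silent longer than its allowed gap, or that has never reported at all. The source names, thresholds and sample events are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed inventory: expected log sources and the longest silence
# tolerated for each (names and thresholds are assumptions).
EXPECTED = {
    "dns-filter": timedelta(hours=1),
    "firewall": timedelta(minutes=15),
    "edr": timedelta(hours=6),
}

# Constructed sample of (source, ISO-8601 event time) pairs, as a SIEM
# might return them from its index.
SAMPLE_EVENTS = [
    ("firewall", "2024-05-14T11:58:00+00:00"),
    ("dns-filter", "2024-05-01T09:30:00+00:00"),
    ("firewall", "2024-05-14T11:50:00+00:00"),
    ("unknown-agent", "2024-05-14T11:00:00+00:00"),  # not in inventory, ignored
]

def last_seen(events):
    """Return the newest timestamp observed for each source."""
    seen = {}
    for source, ts in events:
        t = datetime.fromisoformat(ts)
        if source not in seen or t > seen[source]:
            seen[source] = t
    return seen

def silent_sources(events, expected, now):
    """Return (source, silence) for expected sources quiet longer than allowed.

    A source with no events at all is reported with silence None, so a
    collector that was never connected is flagged like one that stopped.
    """
    seen = last_seen(events)
    alerts = []
    for source, max_gap in sorted(expected.items()):
        if source not in seen:
            alerts.append((source, None))
        elif now - seen[source] > max_gap:
            alerts.append((source, now - seen[source]))
    return alerts

if __name__ == "__main__":
    now = datetime(2024, 5, 14, 12, 0, tzinfo=timezone.utc)
    for source, gap in silent_sources(SAMPLE_EVENTS, EXPECTED, now):
        print(f"ALERT {source}: " + (f"silent for {gap}" if gap else "never reported"))
```

Per-source thresholds matter because a chatty firewall and a quiet EDR agent have very different normal gaps; a single global timeout either misses outages or alerts constantly.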