Merge pull request #206264 from cwatson-cat/7-28-22-hth-mon-spl

denrea · web-flow · commit 476462e2575e · 2022-07-28T12:33:45.000-07:00
Sentinel - splt health monitor article 4 future wk
diff --git a/articles/sentinel/TOC.yml b/articles/sentinel/TOC.yml
@@ -258,8 +258,6 @@
       href: create-codeless-connector.md
     - name: Connect Azure Stack VMs
       href: connect-azure-stack.md
-    - name: Monitor data connector health
-      href: monitor-data-connector-health.md
     - name: Integrate Azure Data Explorer
       href: store-logs-in-azure-data-explorer.md
   - name: Normalize data
@@ -288,6 +286,10 @@
       href: get-visibility.md
     - name: Use Azure Monitor workbooks
       href: ./monitor-your-data.md
+    - name: Enable health monitoring
+      href: monitor-sentinel-health.md
+    - name: Monitor data connector health
+      href: monitor-data-connector-health.md
   - name: Detect threats and analyze data
     items:
     - name: MITRE ATT&CK coverage
diff --git a/articles/sentinel/monitor-data-connector-health.md b/articles/sentinel/monitor-data-connector-health.md
@@ -1,18 +1,16 @@
 ---
-title: Monitor the health of your Microsoft Sentinel data connectors | Microsoft Docs
+title: Monitor the health of your Microsoft Sentinel data connectors
 description: Use the SentinelHealth data table and the Health Monitoring workbook to keep track of your data connectors' connectivity and performance.
-author: bagol
+author: limwainstein
+ms.author: lwainstein
 ms.topic: how-to
 ms.custom: mvc, ignite-fall-2021
-ms.date: 12/30/2021
-ms.author: yelevin
+ms.date: 07/28/2022
+ms.service: microsoft-sentinel
 ---
 
----
 # Monitor the health of your data connectors
 
-[!INCLUDE [Banner for top of topics](./includes/banner.md)]
-
 After you've configured and connected your Microsoft Sentinel workspace to your data connectors, you'll want to monitor your connector health, viewing any service or data source issues, such as authentication, throttling, and more.
 
 You also might like to configure notifications for health drifts for relevant stakeholders who can take action. For example, configure email messages, Microsoft Teams messages, new tickets in your ticketing system, and so on.
@@ -21,12 +19,12 @@ This article describes how to use the following features, which allow you to kee
 
 - **Data connectors health monitoring workbook**. This workbook provides additional monitors, detects anomalies, and gives insight regarding the workspace’s data ingestion status. You can use the workbook’s logic to monitor the general health of the ingested data, and to build custom views and rule-based alerts.
 
-- ***SentinelHealth* data table**. (Public preview) Provides insights on health drifts, such as latest failure events per connector, or connectors with changes from success to failure states, which you can use to create alerts and other automated actions.
-
-    > [!NOTE]
-    > The *SentinelHealth* data table is currently supported only for [selected data connectors](#supported-data-connectors).
-    >
+- ***SentinelHealth* data table**. (Public preview) Provides insights on health drifts, such as latest failure events per connector, or connectors with changes from success to failure states, which you can use to create alerts and other automated actions. The *SentinelHealth* data table is currently supported only for [selected data connectors](#supported-data-connectors).
 
+> [!IMPORTANT]
+>
+> The *SentinelHealth* data table is currently in **PREVIEW**. See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
+>
 
 ## Use the health monitoring workbook
 
@@ -69,19 +67,10 @@ There are three tabbed sections in this workbook:
 
 ## Use the SentinelHealth data table (Public preview)
 
-To get data connector health data from the *SentinelHealth* data table, you must first [turn on the Microsoft Sentinel health feature](#turn-on-microsoft-sentinel-health-for-your-workspace) for your workspace.
+To get data connector health data from the *SentinelHealth* data table, you must first turn on the Microsoft Sentinel health feature for your workspace. For more information, see [Turn on health monitoring for Microsoft Sentinel](monitor-sentinel-health.md).
 
 Once the health feature is turned on, the *SentinelHealth* data table is created at the first success or failure event generated for your data connectors.
 
-> [!TIP]
-> To configure the retention time for your health events, see the [Configure data retention and archive policies in Azure Monitor Logs](../azure-monitor/logs/data-retention-archive.md).
->
-
-> [!IMPORTANT]
->
-> The SentinelHealth data table is currently in **PREVIEW**. See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
->
-
 ### Supported data connectors
 
 The *SentinelHealth* data table is currently supported only for the following data connectors:
@@ -93,32 +82,6 @@ The *SentinelHealth* data table is currently supported only for the following da
 - [Threat Intelligence - TAXII](connect-threat-intelligence-taxii.md)
 - [Threat Intelligence Platforms](connect-threat-intelligence-tip.md)
 
-### Turn on Microsoft Sentinel health for your workspace
-
-1. In Microsoft Sentinel, under the **Configuration** menu on the left, select **Settings** and expand the **Health** section.
-
-1. Select **Configure Diagnostic Settings** and create a new diagnostic setting.
-
-    - In the **Diagnostic setting name** field, enter a meaningful name for your setting.
-
-    - In the **Category details** column, select **DataConnectors**.
-
-    - Under **Destination details**, select **Send to Log Analytics workspace**, and select your subscription and workspace from the dropdown menus.
-
-1. Select **Save** to save your new setting.
-
-The *SentinelHealth* data table is created at the first success or failure event generated for your data connectors.
-
-
-### Access the *SentinelHealth* table
-
-In the Microsoft Sentinel **Logs** page, run a query on the  *SentinelHealth* table. For example:
-
-```kusto
-SentinelHealth
- | take 20
-```
-
 ### Understanding SentinelHealth table events
 
 The following types of health events are logged in the *SentinelHealth* table:
@@ -206,7 +169,7 @@ For more information, see [Azure Monitor alerts overview](../azure-monitor/alert
 
 ### SentinelHealth table columns schema
 
-The following table describes the columns and data generated in the *SentinelHealth* data table:
+The following table describes the columns and data generated in the SentinelHealth data table for data connectors:
 
 | ColumnName    | ColumnType     | Description|
 | ----------------------------------------------- | -------------- | --------------------------------------------------------------------------- |
@@ -224,7 +187,6 @@ The following table describes the columns and data generated in the *SentinelHea
 | **ExtendedProperties**        | Dynamic (json) | A JSON bag that varies by the [OperationName](#operationname) value and the [Status](#status) of the event: <br><br>- For `Data fetch status change` events with a success indicator, the bag contains a ‘DestinationTable’ property to indicate where data from this connector is expected to land. For failures, the contents vary depending on the failure type.    |
 | **Type**          | String         | `SentinelHealth`                         |
 
-
 ## Next steps
 
 Learn how to [onboard your data to Microsoft Sentinel](quickstart-onboard.md), [connect data sources](connect-data-sources.md), and [get visibility into your data, and potential threats](get-visibility.md).
diff --git a/articles/sentinel/monitor-sentinel-health.md b/articles/sentinel/monitor-sentinel-health.md
@@ -0,0 +1,53 @@
+---
+title: Turn on health monitoring in Microsoft Sentinel
+description: Monitor supported data connectors by using the SentinelHealth data table.
+ms.topic: how-to
+ms.date: 7/28/2022
+author: limwainstein
+ms.author: lwainstein
+ms.service: microsoft-sentinel
+---
+
+# Turn on health monitoring for Microsoft Sentinel (preview)
+
+Monitor the health of supported data connectors by turning on health monitoring in Microsoft Sentinel. Get insights on health drifts, such as the latest failure events, or changes from success to failure states. Use this information to create alerts and other automated actions.
+
+To get health data from the *SentinelHealth* data table, you must first turn on the Microsoft Sentinel health feature for your workspace.
+
+When the health feature is turned on, the *SentinelHealth* data table is created at the first success or failure event generated for supported data connectors.
+
+To configure the retention time for your health events, see [Configure data retention and archive policies in Azure Monitor Logs](../azure-monitor/logs/data-retention-archive.md).
+
+> [!IMPORTANT]
+>
+> The *SentinelHealth* data table is currently in **PREVIEW**. See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
+>
+
+## Turn on health monitoring for your workspace
+
+1. In Microsoft Sentinel, under the **Configuration** menu on the left, select **Settings** and expand the **Health** section.
+
+1. Select **Configure Diagnostic Settings** and create a new diagnostic setting.
+
+    - In the **Diagnostic setting name** field, enter a meaningful name for your setting.
+
+    - In the **Category details** column, select the appropriate category like **Data Connector**.
+
+    - Under **Destination details**, select **Send to Log Analytics workspace**, and select your subscription and workspace from the dropdown menus.
+
+1. Select **Save** to save your new setting.
+
+The *SentinelHealth* data table is created at the first success or failure event generated for supported resources.
+
+## Access the *SentinelHealth* table
+
+In the Microsoft Sentinel **Logs** page, run a query on the  *SentinelHealth* table. For example:
+
+```kusto
+SentinelHealth
+ | take 20
+```
+
+## Next steps
+
+[Monitor the health of your Microsoft Sentinel data connectors](monitor-data-connector-health.md)
diff --git a/articles/sentinel/whats-new.md b/articles/sentinel/whats-new.md
@@ -633,7 +633,7 @@ For more information, see:
 
 ### Data connector health enhancements (Public preview)
 
-Azure Sentinel now provides the ability to enhance your data connector health monitoring with a new *SentinelHealth* table. The *SentinelHealth* table is created after you [turn on the Azure Sentinel health feature](monitor-data-connector-health.md#turn-on-microsoft-sentinel-health-for-your-workspace) in your Azure Sentinel workspace, at the first success or failure health event generated.
+Azure Sentinel now provides the ability to enhance your data connector health monitoring with a new *SentinelHealth* table. The *SentinelHealth* table is created after you [turn on the Azure Sentinel health feature](monitor-sentinel-health.md) in your Azure Sentinel workspace, at the first success or failure health event generated.
 
 For more information, see [Monitor the health of your data connectors with this Azure Sentinel workbook](monitor-data-connector-health.md).
 
