Data sources that stop logging to your SIEM put your organization at risk. If one of your organization’s firewalls stops logging to the SIEM, your SOC will be blind to malicious traffic traversing it. If your endpoint protection application stops logging, your analysts won’t be able to see if malicious files are being executed on one of your billing servers.

LOGTITAN has many ways to monitor logging. The first option is to configure monitoring in the log source settings, so that an alert is triggered if the log source stops sending logs.

Alerting On Quiet Log Sources

Monitoring Period for Work Hours is the field that sets the duration within which LOGTITAN should receive a log from the source. Failure to receive a log within this period will trigger this alert. The same is valid for Monitoring Period for After Hours.

The second option is to develop a rule for this.
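The check such a rule performs, as an added Python example (this is not LOGTITAN's rule syntax or code from the product): the source names, monitoring periods, the 08:00-18:00 Monday-Friday work window and all timestamps are constructed assumptions.

```python
from datetime import datetime, time, timedelta

# Hypothetical per-source monitoring periods for work hours and after hours.
SOURCES = {
    "fw-edge-01":  {"work": timedelta(minutes=5),  "after": timedelta(minutes=30)},
    "edr-billing": {"work": timedelta(minutes=15), "after": timedelta(hours=2)},
    "vpn-gw":      {"work": timedelta(minutes=10), "after": timedelta(hours=1)},
}
WORK_START, WORK_END = time(8, 0), time(18, 0)  # assumed work window, Mon-Fri


def in_work_hours(ts):
    return ts.weekday() < 5 and WORK_START <= ts.time() < WORK_END


def quiet_sources(last_seen, now, sources=SOURCES):
    """Return (source, silence, allowed) for each source past its monitoring period.

    The period in effect at check time is used. A source with no recorded log
    at all is reported with silence=None rather than being skipped.
    """
    key = "work" if in_work_hours(now) else "after"
    alerts = []
    for name, periods in sorted(sources.items()):
        allowed = periods[key]
        seen = last_seen.get(name)
        silence = None if seen is None else now - seen
        if silence is None or silence > allowed:
            alerts.append((name, silence, allowed))
    return alerts


# Constructed sample data: last log time seen per source.
DAY_NOW = datetime(2024, 3, 5, 10, 0)      # Tuesday, inside work hours
DAY_SEEN = {"fw-edge-01": datetime(2024, 3, 5, 9, 52),
            "edr-billing": datetime(2024, 3, 5, 9, 50)}   # vpn-gw never logged
NIGHT_NOW = datetime(2024, 3, 5, 23, 0)    # same day, after hours
NIGHT_SEEN = {"fw-edge-01": datetime(2024, 3, 5, 22, 40),
              "edr-billing": datetime(2024, 3, 5, 20, 30),
              "vpn-gw": datetime(2024, 3, 5, 22, 30)}

if __name__ == "__main__":
    for label, seen, now in (("work", DAY_SEEN, DAY_NOW), ("after", NIGHT_SEEN, NIGHT_NOW)):
        for name, silence, allowed in quiet_sources(seen, now):
            print(f"[{label}] QUIET {name}: silent for {silence}, allowed {allowed}")
```

The firewall's 20-minute silence at 23:00 does not alert because the after-hours period is longer, while the same gap during work hours would.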
