Managed Sentinel – Alert 200
| Alert ID | MS-A200 |
| Alert Name | Silent log source monitoring - Heartbeat |
| Description | This alert is triggered when Sentinel can no longer detect a heartbeat (in the last 1 hour) from an endpoint that has the Microsoft Monitoring Agent (MMA) installed. |
| Severity Level | Informational |
| Threat Indicator | System monitoring impact |
| MITRE ATT&CK Tactics | Execution |
| Log sources | Windows |
| False Positives | Windows server has been decommissioned (planned change) |
| Recommendations | 1. The customer needs to investigate on the Windows server whether the Microsoft Monitoring Agent is stopped or misconfigured. 2. Notify the MSSP provider to remove this server from the Azure Sentinel monitoring scope (applicable if the server has been decommissioned). |
