Descriptor: Name: BadTable DisplayName: Sentinel Tables Not Ingesting Data Description: Check all Tables to see which ones have not ingested data in 3 days or more SkillGroups: - Format: KQL Skills: - Name: BadTable DisplayName: Sentinel Tables Not Ingesting Data Description: Check all Tables to see which ones have not ingested data in 3 days or more Settings: Target: Sentinel TenantId: <your_tenant_ID> SubscriptionId: <your_subscription_ID> ResourceGroupName: <your_RG_name> WorkspaceName: <your_WS_name> Template: |- union withsource=BadTable * | where TimeGenerated > ago(3d) | summarize Entries = count(), last_log = datetime_diff("second",now(), max(TimeGenerated)), estimate = sumif(_BilledSize, _IsBillable==true) by BadTable | where last_log >= 259200 | project BadTable