<ul><li>You can create a custom rule to generate an offense or send notifications when logs stop coming from any log source.</li><li>Go to the Rules Section: Navigate to Offenses > Rules. Click Actions > New Event Rule.</li><li>Define the Rule Conditions: Steps: In the rule editor, click on Test Group and choose from the drop-down list Log Source Test. Search for and select parameter 'when the event(s) have not been detected by'. Set the 'of these log sources' and 'this many' (e.g., 10 minutes (set in seconds)).</li><li>Add Response to the Rule: Under the Response tab, choose the response(s) to make when an event triggers this rule.</li></ul>

IBM QRadar: How to Create a Rule for Log Source Monitoring

Discover more