We currently support the automatic creation of escalations when a log source stops responding, however it requires a log source to send data once an hour for 7 consecutive days. This helps prevent unnecessary escalations and escalations for workstations. However with API sources that were never able to connect successfully, or only intermittently send data, we are developing an additional solution for escalations. The in-development capability will create an escalation when the API key no longer authenticates successfully, or if the service no longer responds to API calls. This will be released in Q1 2026.
