| DisplayName | ID | Target | Category | Enabled | Alert Generate |
![Microsoft.AdvancedThreatAnalytics.1_7.Center.AbnormalBehaviorSuspiciousActivity](/images/Rule.png) | 异常行为可疑活动 | Microsoft.AdvancedThreatAnalytics.1_7.Center.AbnormalBehaviorSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_7.Center | SecurityHealth | False | True |
![Microsoft.AdvancedThreatAnalytics.1_7.Center.AbnormalSmbSuspiciousActivity](/images/Rule.png) | 异常 SMB 可疑活动 | Microsoft.AdvancedThreatAnalytics.1_7.Center.AbnormalSmbSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_7.Center | SecurityHealth | False | True |
![Microsoft.AdvancedThreatAnalytics.1_7.Center.AccountEnumerationSuspiciousActivity](/images/Rule.png) | 帐户枚举可疑活动 | Microsoft.AdvancedThreatAnalytics.1_7.Center.AccountEnumerationSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_7.Center | SecurityHealth | False | True |
![Microsoft.AdvancedThreatAnalytics.1_7.Center.BruteForceSuspiciousActivity](/images/Rule.png) | 暴力破解可疑活动 | Microsoft.AdvancedThreatAnalytics.1_7.Center.BruteForceSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_7.Center | SecurityHealth | False | True |
![Microsoft.AdvancedThreatAnalytics.1_7.Center.CenterDatabaseDataDriveFreeSpaceMonitoringAlert](/images/Rule.png) | 中心数据库数据驱动器可用空间监视警报 | Microsoft.AdvancedThreatAnalytics.1_7.Center.CenterDatabaseDataDriveFreeSpaceMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_7.Center | AvailabilityHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_7.Center.CenterOverloadedMonitoringAlert](/images/Rule.png) | 中心重载监视警报 | Microsoft.AdvancedThreatAnalytics.1_7.Center.CenterOverloadedMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_7.Center | PerformanceHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_7.Center.CertificateExpiryMonitoringAlert](/images/Rule.png) | 证书到期监视警报 | Microsoft.AdvancedThreatAnalytics.1_7.Center.CertificateExpiryMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_7.Center | ConfigurationHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_7.Center.ComputerPreauthenticationFailedSuspiciousActivity](/images/Rule.png) | 计算机预身份验证失败可疑活动 | Microsoft.AdvancedThreatAnalytics.1_7.Center.ComputerPreauthenticationFailedSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_7.Center | SecurityHealth | False | True |
![Microsoft.AdvancedThreatAnalytics.1_7.Center.DatabaseAtSvcBlockSize](/images/Rule.png) | 数据库 AtSVC 块大小 | Microsoft.AdvancedThreatAnalytics.1_7.Center.DatabaseAtSvcBlockSize | Microsoft.AdvancedThreatAnalytics.1_7.Center | PerformanceCollection | True | False |
![Microsoft.AdvancedThreatAnalytics.1_7.Center.DatabaseDirectoryServicesActivityBlockSize](/images/Rule.png) | 数据库 DirectoryServicesActivity 块大小 | Microsoft.AdvancedThreatAnalytics.1_7.Center.DatabaseDirectoryServicesActivityBlockSize | Microsoft.AdvancedThreatAnalytics.1_7.Center | PerformanceCollection | True | False |
![Microsoft.AdvancedThreatAnalytics.1_7.Center.DatabaseDisconnectedMonitoringAlert](/images/Rule.png) | 数据库断开监视警报 | Microsoft.AdvancedThreatAnalytics.1_7.Center.DatabaseDisconnectedMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_7.Center | AvailabilityHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_7.Center.DatabaseDnsBlockSize](/images/Rule.png) | 数据库 DNS 块大小 | Microsoft.AdvancedThreatAnalytics.1_7.Center.DatabaseDnsBlockSize | Microsoft.AdvancedThreatAnalytics.1_7.Center | PerformanceCollection | True | False |
![Microsoft.AdvancedThreatAnalytics.1_7.Center.DatabaseDrsrBlockSize](/images/Rule.png) | 数据库 DRSR 块大小 | Microsoft.AdvancedThreatAnalytics.1_7.Center.DatabaseDrsrBlockSize | Microsoft.AdvancedThreatAnalytics.1_7.Center | PerformanceCollection | True | False |
![Microsoft.AdvancedThreatAnalytics.1_7.Center.DatabaseKerberosApBlockSize](/images/Rule.png) | 数据库 KerberosAP 块大小 | Microsoft.AdvancedThreatAnalytics.1_7.Center.DatabaseKerberosApBlockSize | Microsoft.AdvancedThreatAnalytics.1_7.Center | PerformanceCollection | True | False |
![Microsoft.AdvancedThreatAnalytics.1_7.Center.DatabaseKerberosAsBlockSize](/images/Rule.png) | 数据库 KerberosAP 块大小 | Microsoft.AdvancedThreatAnalytics.1_7.Center.DatabaseKerberosAsBlockSize | Microsoft.AdvancedThreatAnalytics.1_7.Center | PerformanceCollection | True | False |
![Microsoft.AdvancedThreatAnalytics.1_7.Center.DatabaseKerberosTgsBlockSize](/images/Rule.png) | 数据库 KerberosTGS 块大小 | Microsoft.AdvancedThreatAnalytics.1_7.Center.DatabaseKerberosTgsBlockSize | Microsoft.AdvancedThreatAnalytics.1_7.Center | PerformanceCollection | True | False |
![Microsoft.AdvancedThreatAnalytics.1_7.Center.DatabaseLdapBlockSize](/images/Rule.png) | 数据库 LDAP 块大小 | Microsoft.AdvancedThreatAnalytics.1_7.Center.DatabaseLdapBlockSize | Microsoft.AdvancedThreatAnalytics.1_7.Center | PerformanceCollection | True | False |
![Microsoft.AdvancedThreatAnalytics.1_7.Center.DatabaseLsaRpcBlockSize](/images/Rule.png) | 数据库 LsaRPC 块大小 | Microsoft.AdvancedThreatAnalytics.1_7.Center.DatabaseLsaRpcBlockSize | Microsoft.AdvancedThreatAnalytics.1_7.Center | PerformanceCollection | True | False |
![Microsoft.AdvancedThreatAnalytics.1_7.Center.DatabaseNetlogonBlockSize](/images/Rule.png) | 数据库 Netlogon 块大小 | Microsoft.AdvancedThreatAnalytics.1_7.Center.DatabaseNetlogonBlockSize | Microsoft.AdvancedThreatAnalytics.1_7.Center | PerformanceCollection | True | False |
![Microsoft.AdvancedThreatAnalytics.1_7.Center.DatabaseNtlmBlockSize](/images/Rule.png) | 数据库 NTLM 块大小 | Microsoft.AdvancedThreatAnalytics.1_7.Center.DatabaseNtlmBlockSize | Microsoft.AdvancedThreatAnalytics.1_7.Center | PerformanceCollection | True | False |
![Microsoft.AdvancedThreatAnalytics.1_7.Center.DatabaseNtlmEventBlockSize](/images/Rule.png) | 数据库 NTLMEvent 块大小 | Microsoft.AdvancedThreatAnalytics.1_7.Center.DatabaseNtlmEventBlockSize | Microsoft.AdvancedThreatAnalytics.1_7.Center | PerformanceCollection | True | False |
![Microsoft.AdvancedThreatAnalytics.1_7.Center.DatabaseServiceControlBlockSize](/images/Rule.png) | 数据库 ServiceControl 块大小 | Microsoft.AdvancedThreatAnalytics.1_7.Center.DatabaseServiceControlBlockSize | Microsoft.AdvancedThreatAnalytics.1_7.Center | PerformanceCollection | True | False |
![Microsoft.AdvancedThreatAnalytics.1_7.Center.DatabaseSmbBlockSize](/images/Rule.png) | 数据库 SMB 块大小 | Microsoft.AdvancedThreatAnalytics.1_7.Center.DatabaseSmbBlockSize | Microsoft.AdvancedThreatAnalytics.1_7.Center | PerformanceCollection | True | False |
![Microsoft.AdvancedThreatAnalytics.1_7.Center.DatabaseSrvSvcBlockSize](/images/Rule.png) | 数据库 SrvSVC 块大小 | Microsoft.AdvancedThreatAnalytics.1_7.Center.DatabaseSrvSvcBlockSize | Microsoft.AdvancedThreatAnalytics.1_7.Center | PerformanceCollection | True | False |
![Microsoft.AdvancedThreatAnalytics.1_7.Center.DatabaseTaskSchedulerBlockSize](/images/Rule.png) | 数据库 TaskScheduler 块大小 | Microsoft.AdvancedThreatAnalytics.1_7.Center.DatabaseTaskSchedulerBlockSize | Microsoft.AdvancedThreatAnalytics.1_7.Center | PerformanceCollection | True | False |
![Microsoft.AdvancedThreatAnalytics.1_7.Center.DirectoryServicesClientAccountPasswordExpiryMonitoringAlert](/images/Rule.png) | 目录服务客户端帐户密码过期监视警报 | Microsoft.AdvancedThreatAnalytics.1_7.Center.DirectoryServicesClientAccountPasswordExpiryMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_7.Center | ConfigurationHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_7.Center.DirectoryServicesReplicationSuspiciousActivity](/images/Rule.png) | 目录服务复制可疑活动 | Microsoft.AdvancedThreatAnalytics.1_7.Center.DirectoryServicesReplicationSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_7.Center | SecurityHealth | False | True |
![Microsoft.AdvancedThreatAnalytics.1_7.Center.DnsReconnaissanceSuspiciousActivity](/images/Rule.png) | DNS 侦测可疑活动 | Microsoft.AdvancedThreatAnalytics.1_7.Center.DnsReconnaissanceSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_7.Center | SecurityHealth | False | True |
![Microsoft.AdvancedThreatAnalytics.1_7.Center.DomainSynchronizerNotAssignedMonitoringAlert](/images/Rule.png) | 域同步器未分配监视警报 | Microsoft.AdvancedThreatAnalytics.1_7.Center.DomainSynchronizerNotAssignedMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_7.Center | ConfigurationHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_7.Center.EncryptionDowngradeSuspiciousActivity](/images/Rule.png) | 加密降级可疑活动 | Microsoft.AdvancedThreatAnalytics.1_7.Center.EncryptionDowngradeSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_7.Center | SecurityHealth | False | True |
![Microsoft.AdvancedThreatAnalytics.1_7.Center.EncryptionDowngradeSuspiciousActivity_GoldenTicket](/images/Rule.png) | 加密降级可疑活动(黄金票证) | Microsoft.AdvancedThreatAnalytics.1_7.Center.EncryptionDowngradeSuspiciousActivity_GoldenTicket | Microsoft.AdvancedThreatAnalytics.1_7.Center | SecurityHealth | False | True |
![Microsoft.AdvancedThreatAnalytics.1_7.Center.EncryptionDowngradeSuspiciousActivity_OverpasstheHash](/images/Rule.png) | 加密降级可疑活动(超哈希传递攻击) | Microsoft.AdvancedThreatAnalytics.1_7.Center.EncryptionDowngradeSuspiciousActivity_OverpasstheHash | Microsoft.AdvancedThreatAnalytics.1_7.Center | SecurityHealth | False | True |
![Microsoft.AdvancedThreatAnalytics.1_7.Center.EncryptionDowngradeSuspiciousActivity_SkeletonKey](/images/Rule.png) | 加密降级可疑活动(万能钥匙) | Microsoft.AdvancedThreatAnalytics.1_7.Center.EncryptionDowngradeSuspiciousActivity_SkeletonKey | Microsoft.AdvancedThreatAnalytics.1_7.Center | SecurityHealth | False | True |
![Microsoft.AdvancedThreatAnalytics.1_7.Center.EntityProfilerNetworkActivityBlockSize](/images/Rule.png) | EntityProfiler 网络活动块大小 | Microsoft.AdvancedThreatAnalytics.1_7.Center.EntityProfilerNetworkActivityBlockSize | Microsoft.AdvancedThreatAnalytics.1_7.Center | PerformanceCollection | True | False |
![Microsoft.AdvancedThreatAnalytics.1_7.Center.EntityReceiverEntityBatchBlockSize](/images/Rule.png) | EntityReceiver 实体批块大小 | Microsoft.AdvancedThreatAnalytics.1_7.Center.EntityReceiverEntityBatchBlockSize | Microsoft.AdvancedThreatAnalytics.1_7.Center | PerformanceCollection | True | False |
![Microsoft.AdvancedThreatAnalytics.1_7.Center.EnumerateSessionsSuspiciousActivity](/images/Rule.png) | 枚举会话可疑活动 | Microsoft.AdvancedThreatAnalytics.1_7.Center.EnumerateSessionsSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_7.Center | SecurityHealth | False | True |
![Microsoft.AdvancedThreatAnalytics.1_7.Center.ForgedPacSuspiciousActivity](/images/Rule.png) | 伪造 PAC 可疑活动 | Microsoft.AdvancedThreatAnalytics.1_7.Center.ForgedPacSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_7.Center | SecurityHealth | False | True |
![Microsoft.AdvancedThreatAnalytics.1_7.Center.GatewayCaptureNetworkAdapterFaultedMonitoringAlert](/images/Rule.png) | 网关捕捉网络适配器出错监视警报 | Microsoft.AdvancedThreatAnalytics.1_7.Center.GatewayCaptureNetworkAdapterFaultedMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_7.Center | AvailabilityHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_7.Center.GatewayCaptureNetworkAdapterMissingMonitoringAlert](/images/Rule.png) | 网关捕捉网络适配器缺少监视警报 | Microsoft.AdvancedThreatAnalytics.1_7.Center.GatewayCaptureNetworkAdapterMissingMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_7.Center | ConfigurationHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_7.Center.GatewayDirectoryServicesClientConnectivityMonitoringAlert](/images/Rule.png) | 网关目录服务客户端连接性监视警报 | Microsoft.AdvancedThreatAnalytics.1_7.Center.GatewayDirectoryServicesClientConnectivityMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_7.Center | AvailabilityHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_7.Center.GatewayDisconnectedMonitoringAlert](/images/Rule.png) | 网关断开监视警报 | Microsoft.AdvancedThreatAnalytics.1_7.Center.GatewayDisconnectedMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_7.Center | AvailabilityHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_7.Center.GatewayLowMemoryMonitoringAlert](/images/Rule.png) | 网关内存不足监视警报 | Microsoft.AdvancedThreatAnalytics.1_7.Center.GatewayLowMemoryMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_7.Center | PerformanceHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_7.Center.GatewayNotReceivingTrafficMonitoringAlert](/images/Rule.png) | 网关未收到流量监视警报 | Microsoft.AdvancedThreatAnalytics.1_7.Center.GatewayNotReceivingTrafficMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_7.Center | AvailabilityHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_7.Center.GatewayOverloadedEventActivitiesMonitoringAlert](/images/Rule.png) | 网关重载事件活动监视警报 | Microsoft.AdvancedThreatAnalytics.1_7.Center.GatewayOverloadedEventActivitiesMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_7.Center | PerformanceHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_7.Center.GatewayOverloadedNetworkActivitiesMonitoringAlert](/images/Rule.png) | 网关重载网络活动监视警报 | Microsoft.AdvancedThreatAnalytics.1_7.Center.GatewayOverloadedNetworkActivitiesMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_7.Center | PerformanceHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_7.Center.GatewaysOutdatedMonitoringAlert](/images/Rule.png) | 网关过时监视警报 | Microsoft.AdvancedThreatAnalytics.1_7.Center.GatewaysOutdatedMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_7.Center | ConfigurationHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_7.Center.GatewayStartFailureMonitoringAlert](/images/Rule.png) | 网关启动失败监视警报 | Microsoft.AdvancedThreatAnalytics.1_7.Center.GatewayStartFailureMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_7.Center | AvailabilityHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_7.Center.HoneytokenActivitySuspiciousActivity](/images/Rule.png) | 蜜标活动可疑活动 | Microsoft.AdvancedThreatAnalytics.1_7.Center.HoneytokenActivitySuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_7.Center | SecurityHealth | False | True |
![Microsoft.AdvancedThreatAnalytics.1_7.Center.LdapSimpleBindCleartextPasswordSuspiciousActivity](/images/Rule.png) | LDAP 简单绑定明文密码可疑活动 | Microsoft.AdvancedThreatAnalytics.1_7.Center.LdapSimpleBindCleartextPasswordSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_7.Center | SecurityHealth | False | True |
![Microsoft.AdvancedThreatAnalytics.1_7.Center.MailMonitoringAlert](/images/Rule.png) | 邮件监视警报 | Microsoft.AdvancedThreatAnalytics.1_7.Center.MailMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_7.Center | ConfigurationHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_7.Center.MassiveObjectDeletionSuspiciousActivity](/images/Rule.png) | 大规模对象删除可疑活动 | Microsoft.AdvancedThreatAnalytics.1_7.Center.MassiveObjectDeletionSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_7.Center | SecurityHealth | False | True |
![Microsoft.AdvancedThreatAnalytics.1_7.Center.NetworkActivityProcessorNetworkActivityBlockSize](/images/Rule.png) | NetworkActivityProcessor 网络活动块大小 | Microsoft.AdvancedThreatAnalytics.1_7.Center.NetworkActivityProcessorNetworkActivityBlockSize | Microsoft.AdvancedThreatAnalytics.1_7.Center | PerformanceCollection | True | False |
![Microsoft.AdvancedThreatAnalytics.1_7.Center.PassTheHashSuspiciousActivity](/images/Rule.png) | 哈希传递攻击可疑活动 | Microsoft.AdvancedThreatAnalytics.1_7.Center.PassTheHashSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_7.Center | SecurityHealth | False | True |
![Microsoft.AdvancedThreatAnalytics.1_7.Center.PassTheTicketSuspiciousActivity](/images/Rule.png) | 票证传递攻击可疑活动 | Microsoft.AdvancedThreatAnalytics.1_7.Center.PassTheTicketSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_7.Center | SecurityHealth | False | True |
![Microsoft.AdvancedThreatAnalytics.1_7.Center.RemoteExecutionSuspiciousActivity](/images/Rule.png) | 远程执行可疑活动 | Microsoft.AdvancedThreatAnalytics.1_7.Center.RemoteExecutionSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_7.Center | SecurityHealth | False | True |
![Microsoft.AdvancedThreatAnalytics.1_7.Center.RetrieveDataProtectionBackupKeySuspiciousActivity](/images/Rule.png) | 检索数据保护备份密钥可疑活动 | Microsoft.AdvancedThreatAnalytics.1_7.Center.RetrieveDataProtectionBackupKeySuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_7.Center | SecurityHealth | False | True |
![Microsoft.AdvancedThreatAnalytics.1_7.Center.SamrReconnaissanceSuspiciousActivity](/images/Rule.png) | SAMR 侦测可疑活动 | Microsoft.AdvancedThreatAnalytics.1_7.Center.SamrReconnaissanceSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_7.Center | SecurityHealth | False | True |
![Microsoft.AdvancedThreatAnalytics.1_7.Center.SyslogMonitoringAlert](/images/Rule.png) | Syslog 监视警报 | Microsoft.AdvancedThreatAnalytics.1_7.Center.SyslogMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_7.Center | ConfigurationHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_7.Gateway.ActiveDirectoryAuthenticationFailure](/images/Rule.png) | ATA 网关未能针对域控制器进行身份验证 | Microsoft.AdvancedThreatAnalytics.1_7.Gateway.ActiveDirectoryAuthenticationFailure | Microsoft.AdvancedThreatAnalytics.1_7.Gateway | AvailabilityHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_7.Gateway.CountersDisabled](/images/Rule.png) | 注册表中可能禁用计数器 | Microsoft.AdvancedThreatAnalytics.1_7.Gateway.CountersDisabled | Microsoft.AdvancedThreatAnalytics.1_7.Gateway | AvailabilityHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_7.Gateway.EntityResolverActivityBlockSize](/images/Rule.png) | EntityResolver 活动块大小 | Microsoft.AdvancedThreatAnalytics.1_7.Gateway.EntityResolverActivityBlockSize | Microsoft.AdvancedThreatAnalytics.1_7.Gateway | PerformanceCollection | True | False |
![Microsoft.AdvancedThreatAnalytics.1_7.Gateway.EntitySenderEntityBatchBlockSize](/images/Rule.png) | EntitySender 实体批块大小 | Microsoft.AdvancedThreatAnalytics.1_7.Gateway.EntitySenderEntityBatchBlockSize | Microsoft.AdvancedThreatAnalytics.1_7.Gateway | PerformanceCollection | True | False |
![Microsoft.AdvancedThreatAnalytics.1_7.Gateway.EntitySenderEntityBatchSendTime](/images/Rule.png) | EntitySender 实体批处理发送时间 | Microsoft.AdvancedThreatAnalytics.1_7.Gateway.EntitySenderEntityBatchSendTime | Microsoft.AdvancedThreatAnalytics.1_7.Gateway | PerformanceCollection | True | False |
![Microsoft.AdvancedThreatAnalytics.1_7.Gateway.FailedToAuthenticateAgainstCenter](/images/Rule.png) | ATA 网关未能针对中心进行身份验证 | Microsoft.AdvancedThreatAnalytics.1_7.Gateway.FailedToAuthenticateAgainstCenter | Microsoft.AdvancedThreatAnalytics.1_7.Gateway | AvailabilityHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_7.Gateway.FailedToEstablishConnectionToCenter](/images/Rule.png) | ATA 网关未能建立与 ATA 中心的连接 | Microsoft.AdvancedThreatAnalytics.1_7.Gateway.FailedToEstablishConnectionToCenter | Microsoft.AdvancedThreatAnalytics.1_7.Gateway | AvailabilityHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_7.Gateway.FailedToParseSyslog](/images/Rule.png) | ATA 网关未能分析 SIEM Syslog 消息 | Microsoft.AdvancedThreatAnalytics.1_7.Gateway.FailedToParseSyslog | Microsoft.AdvancedThreatAnalytics.1_7.Gateway | AvailabilityHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_7.Gateway.FailedToQueryDCUsingLDAPProtocol](/images/Rule.png) | ATA 网关未能使用 LDAP 协议查询域控制器 | Microsoft.AdvancedThreatAnalytics.1_7.Gateway.FailedToQueryDCUsingLDAPProtocol | Microsoft.AdvancedThreatAnalytics.1_7.Gateway | AvailabilityHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_7.Gateway.FailedToSynchronizeConfigurationFromCenter](/images/Rule.png) | ATA 网关未能从 ATA 中心同步配置 | Microsoft.AdvancedThreatAnalytics.1_7.Gateway.FailedToSynchronizeConfigurationFromCenter | Microsoft.AdvancedThreatAnalytics.1_7.Gateway | AvailabilityHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_7.Gateway.FailedToValidateCenterCertificateChain](/images/Rule.png) | ATA 网关未能验证中心证书链 | Microsoft.AdvancedThreatAnalytics.1_7.Gateway.FailedToValidateCenterCertificateChain | Microsoft.AdvancedThreatAnalytics.1_7.Gateway | AvailabilityHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_7.Gateway.GatewayDoesNotHaveEnoughMemory](/images/Rule.png) | ATA 网关内存不足 | Microsoft.AdvancedThreatAnalytics.1_7.Gateway.GatewayDoesNotHaveEnoughMemory | Microsoft.AdvancedThreatAnalytics.1_7.Gateway | AvailabilityHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_7.Gateway.GatewayUpdaterResourceManagerCommitMemoryMaxSize](/images/Rule.png) | GatewayUpdaterResourceManager 提交内存最大大小 | Microsoft.AdvancedThreatAnalytics.1_7.Gateway.GatewayUpdaterResourceManagerCommitMemoryMaxSize | Microsoft.AdvancedThreatAnalytics.1_7.Gateway | PerformanceCollection | True | False |
![Microsoft.AdvancedThreatAnalytics.1_7.Gateway.GatewayUpdaterResourceManagerCPUTimeMax_](/images/Rule.png) | GatewayUpdaterResourceManager CPU 时间最大 \% | Microsoft.AdvancedThreatAnalytics.1_7.Gateway.GatewayUpdaterResourceManagerCPUTimeMax_ | Microsoft.AdvancedThreatAnalytics.1_7.Gateway | PerformanceCollection | True | False |
![Microsoft.AdvancedThreatAnalytics.1_7.Gateway.GatewayUpdaterResourceManagerWorkingSetLimitSize](/images/Rule.png) | GatewayUpdaterResourceManager 工作集限制大小 | Microsoft.AdvancedThreatAnalytics.1_7.Gateway.GatewayUpdaterResourceManagerWorkingSetLimitSize | Microsoft.AdvancedThreatAnalytics.1_7.Gateway | PerformanceCollection | True | False |
![Microsoft.AdvancedThreatAnalytics.1_7.Gateway.HostEntryInHOSTSFile](/images/Rule.png) | HOSTS 文件中包含一个指向计算机简称的主机条目 | Microsoft.AdvancedThreatAnalytics.1_7.Gateway.HostEntryInHOSTSFile | Microsoft.AdvancedThreatAnalytics.1_7.Gateway | AvailabilityHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_7.Gateway.MessageAnalyzerIsInstalledOnGateway](/images/Rule.png) | 已在 ATA 网关安装消息分析器 | Microsoft.AdvancedThreatAnalytics.1_7.Gateway.MessageAnalyzerIsInstalledOnGateway | Microsoft.AdvancedThreatAnalytics.1_7.Gateway | AvailabilityHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_7.Gateway.NetworkActivityTranslatorMessageData0BlockSize](/images/Rule.png) | NetworkActivityTranslator 消息数据 0 块大小 | Microsoft.AdvancedThreatAnalytics.1_7.Gateway.NetworkActivityTranslatorMessageData0BlockSize | Microsoft.AdvancedThreatAnalytics.1_7.Gateway | PerformanceCollection | True | False |
![Microsoft.AdvancedThreatAnalytics.1_7.Gateway.NetworkActivityTranslatorMessageData1BlockSize](/images/Rule.png) | NetworkActivityTranslator 消息数据 1 块大小 | Microsoft.AdvancedThreatAnalytics.1_7.Gateway.NetworkActivityTranslatorMessageData1BlockSize | Microsoft.AdvancedThreatAnalytics.1_7.Gateway | PerformanceCollection | True | False |
![Microsoft.AdvancedThreatAnalytics.1_7.Gateway.NetworkActivityTranslatorMessageData2BlockSize](/images/Rule.png) | NetworkActivityTranslator 消息数据 2 块大小 | Microsoft.AdvancedThreatAnalytics.1_7.Gateway.NetworkActivityTranslatorMessageData2BlockSize | Microsoft.AdvancedThreatAnalytics.1_7.Gateway | PerformanceCollection | True | False |
![Microsoft.AdvancedThreatAnalytics.1_7.Gateway.NetworkListenerETWDroppedEvents_Sec](/images/Rule.png) | NetworkListener ETW 丢弃事件数/秒 | Microsoft.AdvancedThreatAnalytics.1_7.Gateway.NetworkListenerETWDroppedEvents_Sec | Microsoft.AdvancedThreatAnalytics.1_7.Gateway | PerformanceCollection | True | False |
![Microsoft.AdvancedThreatAnalytics.1_7.Gateway.NetworkListenerPEFDroppedEvents_Sec](/images/Rule.png) | NetworkListener PEF 丢弃事件数/秒 | Microsoft.AdvancedThreatAnalytics.1_7.Gateway.NetworkListenerPEFDroppedEvents_Sec | Microsoft.AdvancedThreatAnalytics.1_7.Gateway | PerformanceCollection | True | False |
![Microsoft.AdvancedThreatAnalytics.1_7.Gateway.NetworkListenerPEFParsedMessages_Sec](/images/Rule.png) | NetworkListener PEF 分析消息数/秒 | Microsoft.AdvancedThreatAnalytics.1_7.Gateway.NetworkListenerPEFParsedMessages_Sec | Microsoft.AdvancedThreatAnalytics.1_7.Gateway | PerformanceCollection | True | False |
![Microsoft.AdvancedThreatAnalytics.1_7.Gateway.OtherPendingInstallations](/images/Rule.png) | 计算机上存在其他挂起的安装 | Microsoft.AdvancedThreatAnalytics.1_7.Gateway.OtherPendingInstallations | Microsoft.AdvancedThreatAnalytics.1_7.Gateway | AvailabilityHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_7.Gateway.PEFWasNotInstalledCorrectly](/images/Rule.png) | PEF (消息分析器)未正确安装 | Microsoft.AdvancedThreatAnalytics.1_7.Gateway.PEFWasNotInstalledCorrectly | Microsoft.AdvancedThreatAnalytics.1_7.Gateway | AvailabilityHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_7.Gateway.PIDsWasEnabledForProcessNamesInGateway](/images/Rule.png) | 已针对 ATA 网关中的进程名称启用 PID | Microsoft.AdvancedThreatAnalytics.1_7.Gateway.PIDsWasEnabledForProcessNamesInGateway | Microsoft.AdvancedThreatAnalytics.1_7.Gateway | AvailabilityHealth | True | True |