| DisplayName | ID | Target | Category | Enabled | Alert Generate |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.AbnormalBehaviorSuspiciousActivity](/images/Rule.png) | 異常行為可疑活動警示規則 | Microsoft.AdvancedThreatAnalytics.1_8.Center.AbnormalBehaviorSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_8.Center | SecurityHealth | False | True |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.AbnormalProtocolSuspiciousActivity](/images/Rule.png) | 異常通訊協定可疑活動警示規則 | Microsoft.AdvancedThreatAnalytics.1_8.Center.AbnormalProtocolSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_8.Center | SecurityHealth | False | True |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.AbnormalSensitiveGroupMembershipChangeSuspiciousActivity](/images/Rule.png) | 異常敏感群組成員資格變更可疑活動警示規則 | Microsoft.AdvancedThreatAnalytics.1_8.Center.AbnormalSensitiveGroupMembershipChangeSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_8.Center | SecurityHealth | False | True |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.AbnormalVpnSuspiciousActivity](/images/Rule.png) | 異常 VPN 可疑活動警示規則 | Microsoft.AdvancedThreatAnalytics.1_8.Center.AbnormalVpnSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_8.Center | SecurityHealth | False | True |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.AccountEnumerationSuspiciousActivity](/images/Rule.png) | 帳戶列舉可疑活動警示規則 | Microsoft.AdvancedThreatAnalytics.1_8.Center.AccountEnumerationSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_8.Center | SecurityHealth | False | True |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.BruteForceSuspiciousActivity](/images/Rule.png) | 暴力密碼破解可疑活動警示規則 | Microsoft.AdvancedThreatAnalytics.1_8.Center.BruteForceSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_8.Center | SecurityHealth | False | True |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.CenterDatabaseDataDriveFreeSpaceMonitoringAlert](/images/Rule.png) | ATA 1.8 - 中心資料庫資料磁碟機可用空間監視警示的警示規則 | Microsoft.AdvancedThreatAnalytics.1_8.Center.CenterDatabaseDataDriveFreeSpaceMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_8.Center | AvailabilityHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.CenterDatabaseDisconnectedMonitoringAlert](/images/Rule.png) | ATA 1.8 - 中心資料庫中斷連線監視警示的警示規則 | Microsoft.AdvancedThreatAnalytics.1_8.Center.CenterDatabaseDisconnectedMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_8.Center | AvailabilityHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.CenterExternalIpAddressResolutionFailureMonitoringAlert](/images/Rule.png) | ATA 1.8 - 中心外部 IP 位址解析失敗監視警示的警示規則 | Microsoft.AdvancedThreatAnalytics.1_8.Center.CenterExternalIpAddressResolutionFailureMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_8.Center | AvailabilityHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.CenterMailMonitoringAlert](/images/Rule.png) | ATA 1.8 - 中心郵件監視警示的警示規則 | Microsoft.AdvancedThreatAnalytics.1_8.Center.CenterMailMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_8.Center | ConfigurationHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.CenterNotReceivingTrafficMonitoringAlert](/images/Rule.png) | ATA 1.8 - 中心未接收流量監視警示的警示規則 | Microsoft.AdvancedThreatAnalytics.1_8.Center.CenterNotReceivingTrafficMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_8.Center | AvailabilityHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.CenterOverloadedMonitoringAlert](/images/Rule.png) | ATA 1.8 - 中心負載過重監視警示的警示規則 | Microsoft.AdvancedThreatAnalytics.1_8.Center.CenterOverloadedMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_8.Center | PerformanceHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.CenterSyslogMonitoringAlert](/images/Rule.png) | ATA 1.8 - 中心 Syslog 監視警示的警示規則 | Microsoft.AdvancedThreatAnalytics.1_8.Center.CenterSyslogMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_8.Center | ConfigurationHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.CertificateExpiryMonitoringAlert](/images/Rule.png) | ATA 1.8 - 憑證過期監視警示的警示規則 | Microsoft.AdvancedThreatAnalytics.1_8.Center.CertificateExpiryMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_8.Center | ConfigurationHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.ComputerPreauthenticationFailedSuspiciousActivity](/images/Rule.png) | 電腦預先驗證失敗可疑活動警示規則 | Microsoft.AdvancedThreatAnalytics.1_8.Center.ComputerPreauthenticationFailedSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_8.Center | SecurityHealth | False | True |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseAtSvcBlockSize](/images/Rule.png) | 資料庫 AtSVC 區塊大小 | Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseAtSvcBlockSize | Microsoft.AdvancedThreatAnalytics.1_8.Center | PerformanceCollection | True | False |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseDirectoryServicesActivityBlockSize](/images/Rule.png) | 資料庫 DirectoryServicesActivity 區塊大小 | Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseDirectoryServicesActivityBlockSize | Microsoft.AdvancedThreatAnalytics.1_8.Center | PerformanceCollection | True | False |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseDnsBlockSize](/images/Rule.png) | Database DNS Block Size | Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseDnsBlockSize | Microsoft.AdvancedThreatAnalytics.1_8.Center | PerformanceCollection | True | False |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseDrsrBlockSize](/images/Rule.png) | Database DRSR Block Size | Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseDrsrBlockSize | Microsoft.AdvancedThreatAnalytics.1_8.Center | PerformanceCollection | True | False |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseKerberosApBlockSize](/images/Rule.png) | 資料庫 KerberosAP 區塊大小 | Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseKerberosApBlockSize | Microsoft.AdvancedThreatAnalytics.1_8.Center | PerformanceCollection | True | False |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseKerberosAsBlockSize](/images/Rule.png) | Database KerberosAS Block Size | Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseKerberosAsBlockSize | Microsoft.AdvancedThreatAnalytics.1_8.Center | PerformanceCollection | True | False |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseKerberosTgsBlockSize](/images/Rule.png) | 資料庫 KerberosTGS 區塊大小 | Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseKerberosTgsBlockSize | Microsoft.AdvancedThreatAnalytics.1_8.Center | PerformanceCollection | True | False |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseLdapBlockSize](/images/Rule.png) | Database LDAP Block Size | Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseLdapBlockSize | Microsoft.AdvancedThreatAnalytics.1_8.Center | PerformanceCollection | True | False |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseLsaRpcBlockSize](/images/Rule.png) | 資料庫 LsaRPC 區塊大小 | Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseLsaRpcBlockSize | Microsoft.AdvancedThreatAnalytics.1_8.Center | PerformanceCollection | True | False |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseNetlogonBlockSize](/images/Rule.png) | 資料庫 Netlogon 區塊大小 | Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseNetlogonBlockSize | Microsoft.AdvancedThreatAnalytics.1_8.Center | PerformanceCollection | True | False |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseNtlmBlockSize](/images/Rule.png) | 資料庫 NTLM 區塊大小 | Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseNtlmBlockSize | Microsoft.AdvancedThreatAnalytics.1_8.Center | PerformanceCollection | True | False |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseNtlmEventBlockSize](/images/Rule.png) | 資料庫 NTLMEvent 區塊大小 | Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseNtlmEventBlockSize | Microsoft.AdvancedThreatAnalytics.1_8.Center | PerformanceCollection | True | False |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseServiceControlBlockSize](/images/Rule.png) | 資料庫 ServiceControl 區塊大小 | Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseServiceControlBlockSize | Microsoft.AdvancedThreatAnalytics.1_8.Center | PerformanceCollection | True | False |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseSmbBlockSize](/images/Rule.png) | Database SMB Block Size | Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseSmbBlockSize | Microsoft.AdvancedThreatAnalytics.1_8.Center | PerformanceCollection | True | False |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseSrvSvcBlockSize](/images/Rule.png) | 資料庫 SrvSVC 區塊大小 | Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseSrvSvcBlockSize | Microsoft.AdvancedThreatAnalytics.1_8.Center | PerformanceCollection | True | False |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseTaskSchedulerBlockSize](/images/Rule.png) | Database TaskScheduler Block Size | Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseTaskSchedulerBlockSize | Microsoft.AdvancedThreatAnalytics.1_8.Center | PerformanceCollection | True | False |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.DirectoryServicesReplicationSuspiciousActivity](/images/Rule.png) | 目錄服務複寫可疑活動警示規則 | Microsoft.AdvancedThreatAnalytics.1_8.Center.DirectoryServicesReplicationSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_8.Center | SecurityHealth | False | True |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.DnsReconnaissanceSuspiciousActivity](/images/Rule.png) | DNS 偵查可疑活動警示規則 | Microsoft.AdvancedThreatAnalytics.1_8.Center.DnsReconnaissanceSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_8.Center | SecurityHealth | False | True |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.EncryptionDowngradeSuspiciousActivity](/images/Rule.png) | 加密降級可疑活動警示規則 | Microsoft.AdvancedThreatAnalytics.1_8.Center.EncryptionDowngradeSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_8.Center | SecurityHealth | False | True |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.EntityProfilerNetworkActivityBlockSize](/images/Rule.png) | EntityProfiler 網路活動區塊大小 | Microsoft.AdvancedThreatAnalytics.1_8.Center.EntityProfilerNetworkActivityBlockSize | Microsoft.AdvancedThreatAnalytics.1_8.Center | PerformanceCollection | True | False |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.EntityReceiverEntityBatchBlockSize](/images/Rule.png) | EntityReceiver 實體批次區塊大小 | Microsoft.AdvancedThreatAnalytics.1_8.Center.EntityReceiverEntityBatchBlockSize | Microsoft.AdvancedThreatAnalytics.1_8.Center | PerformanceCollection | True | False |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.EnumerateSessionsSuspiciousActivity](/images/Rule.png) | 加密降級可疑活動 (黃金票證) 警示規則 | Microsoft.AdvancedThreatAnalytics.1_8.Center.EnumerateSessionsSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_8.Center | SecurityHealth | False | True |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.ForgedPacSuspiciousActivity](/images/Rule.png) | 加密降級可疑活動 (略過雜湊) 警示規則 | Microsoft.AdvancedThreatAnalytics.1_8.Center.ForgedPacSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_8.Center | SecurityHealth | False | True |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.GatewayCaptureNetworkAdapterFaultedMonitoringAlert](/images/Rule.png) | ATA 1.8 - 閘道擷取網路介面卡錯誤監視警示的警示規則 | Microsoft.AdvancedThreatAnalytics.1_8.Center.GatewayCaptureNetworkAdapterFaultedMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_8.Center | AvailabilityHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.GatewayCaptureNetworkAdapterMissingMonitoringAlert](/images/Rule.png) | ATA 1.8 - 閘道擷取網路介面卡遺漏監視警示的警示規則 | Microsoft.AdvancedThreatAnalytics.1_8.Center.GatewayCaptureNetworkAdapterMissingMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_8.Center | ConfigurationHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.GatewayDirectoryServicesClientAccountPasswordExpiryMonitoringAlert](/images/Rule.png) | ATA 1.8 - 閘道目錄服務用戶端帳戶密碼過期監視警示的警示規則 | Microsoft.AdvancedThreatAnalytics.1_8.Center.GatewayDirectoryServicesClientAccountPasswordExpiryMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_8.Center | ConfigurationHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.GatewayDirectoryServicesClientConnectivityMonitoringAlert](/images/Rule.png) | ATA 1.8 - 閘道目錄服務用戶端連線監視警示的警示規則 | Microsoft.AdvancedThreatAnalytics.1_8.Center.GatewayDirectoryServicesClientConnectivityMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_8.Center | AvailabilityHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.GatewayDisconnectedMonitoringAlert](/images/Rule.png) | ATA 1.8 - 閘道中斷連線監視警示的警示規則 | Microsoft.AdvancedThreatAnalytics.1_8.Center.GatewayDisconnectedMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_8.Center | AvailabilityHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.GatewayDomainSynchronizerNotAssignedMonitoringAlert](/images/Rule.png) | ATA 1.8 - 未指派閘道網域同步器監視警示的警示規則 | Microsoft.AdvancedThreatAnalytics.1_8.Center.GatewayDomainSynchronizerNotAssignedMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_8.Center | ConfigurationHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.GatewayLowMemoryMonitoringAlert](/images/Rule.png) | ATA 1.8 - 閘道記憶體不足監視警示的警示規則 | Microsoft.AdvancedThreatAnalytics.1_8.Center.GatewayLowMemoryMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_8.Center | PerformanceHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.GatewayOverloadedEventActivitiesMonitoringAlert](/images/Rule.png) | ATA 1.8 - 閘道負載過重事件活動監視警示的警示規則 | Microsoft.AdvancedThreatAnalytics.1_8.Center.GatewayOverloadedEventActivitiesMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_8.Center | PerformanceHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.GatewayOverloadedNetworkActivitiesMonitoringAlert](/images/Rule.png) | ATA 1.8 - 閘道負載過重網路活動監視警示的警示規則 | Microsoft.AdvancedThreatAnalytics.1_8.Center.GatewayOverloadedNetworkActivitiesMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_8.Center | PerformanceHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.GatewayRadiusEventListenerMonitoringAlert](/images/Rule.png) | ATA 1.8 - 閘道 Radius 事件接聽程式監視警示的警示規則 | Microsoft.AdvancedThreatAnalytics.1_8.Center.GatewayRadiusEventListenerMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_8.Center | AvailabilityHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.GatewaysOutdatedMonitoringAlert](/images/Rule.png) | ATA 1.8 - 閘道過期監視警示的警示規則 | Microsoft.AdvancedThreatAnalytics.1_8.Center.GatewaysOutdatedMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_8.Center | ConfigurationHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.GatewayStartFailureMonitoringAlert](/images/Rule.png) | ATA 1.8 - 閘道啟動失敗監視警示的警示規則 | Microsoft.AdvancedThreatAnalytics.1_8.Center.GatewayStartFailureMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_8.Center | AvailabilityHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.GatewaySyslogEventListenerMonitoringAlert](/images/Rule.png) | ATA 1.8 - 閘道 Syslog 事件接聽程式監視警示的警示規則 | Microsoft.AdvancedThreatAnalytics.1_8.Center.GatewaySyslogEventListenerMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_8.Center | AvailabilityHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.GoldenTicketSuspiciousActivity](/images/Rule.png) | 加密降級可疑活動 (萬能鑰匙) 警示規則 | Microsoft.AdvancedThreatAnalytics.1_8.Center.GoldenTicketSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_8.Center | SecurityHealth | False | True |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.HoneytokenActivitySuspiciousActivity](/images/Rule.png) | 列舉工作階段可疑活動警示規則 | Microsoft.AdvancedThreatAnalytics.1_8.Center.HoneytokenActivitySuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_8.Center | SecurityHealth | False | True |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.LdapBruteForceSuspiciousActivity](/images/Rule.png) | 偽造的 PAC 可疑活動警示規則 | Microsoft.AdvancedThreatAnalytics.1_8.Center.LdapBruteForceSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_8.Center | SecurityHealth | False | True |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.LdapCleartextPasswordSuspiciousActivity](/images/Rule.png) | Honeytoken 活動可疑活動警示規則 | Microsoft.AdvancedThreatAnalytics.1_8.Center.LdapCleartextPasswordSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_8.Center | SecurityHealth | False | True |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.MassiveObjectDeletionSuspiciousActivity](/images/Rule.png) | LDAP 簡單繫結純文字密碼可疑活動警示規則 | Microsoft.AdvancedThreatAnalytics.1_8.Center.MassiveObjectDeletionSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_8.Center | SecurityHealth | False | True |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.NetworkActivityProcessorNetworkActivityBlockSize](/images/Rule.png) | NetworkActivityProcessor 網路活動區塊大小 | Microsoft.AdvancedThreatAnalytics.1_8.Center.NetworkActivityProcessorNetworkActivityBlockSize | Microsoft.AdvancedThreatAnalytics.1_8.Center | PerformanceCollection | True | False |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.PassTheHashSuspiciousActivity](/images/Rule.png) | 大量物件刪除可疑活動警示規則 | Microsoft.AdvancedThreatAnalytics.1_8.Center.PassTheHashSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_8.Center | SecurityHealth | False | True |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.PassTheTicketSuspiciousActivity](/images/Rule.png) | 傳遞雜湊可疑活動警示規則 | Microsoft.AdvancedThreatAnalytics.1_8.Center.PassTheTicketSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_8.Center | SecurityHealth | False | True |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.RemoteExecutionSuspiciousActivity](/images/Rule.png) | 傳遞票證可疑活動警示規則 | Microsoft.AdvancedThreatAnalytics.1_8.Center.RemoteExecutionSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_8.Center | SecurityHealth | False | True |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.RetrieveDataProtectionBackupKeySuspiciousActivity](/images/Rule.png) | 遠端執行可疑活動警示規則 | Microsoft.AdvancedThreatAnalytics.1_8.Center.RetrieveDataProtectionBackupKeySuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_8.Center | SecurityHealth | False | True |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.SamrReconnaissanceSuspiciousActivity](/images/Rule.png) | 擷取資料保護備份金鑰可疑活動警示規則 | Microsoft.AdvancedThreatAnalytics.1_8.Center.SamrReconnaissanceSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_8.Center | SecurityHealth | False | True |
![Microsoft.AdvancedThreatAnalytics.1_8.Gateway.ActiveDirectoryAuthenticationFailure](/images/Rule.png) | ATA 閘道無法對網域控制站進行驗證 | Microsoft.AdvancedThreatAnalytics.1_8.Gateway.ActiveDirectoryAuthenticationFailure | Microsoft.AdvancedThreatAnalytics.1_8.Gateway | AvailabilityHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_8.Gateway.CountersDisabled](/images/Rule.png) | 登錄中可能已停用計數器 | Microsoft.AdvancedThreatAnalytics.1_8.Gateway.CountersDisabled | Microsoft.AdvancedThreatAnalytics.1_8.Gateway | AvailabilityHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_8.Gateway.EntityResolverActivityBlockSize](/images/Rule.png) | EntityResolver 活動區塊大小 | Microsoft.AdvancedThreatAnalytics.1_8.Gateway.EntityResolverActivityBlockSize | Microsoft.AdvancedThreatAnalytics.1_8.Gateway | PerformanceCollection | True | False |
![Microsoft.AdvancedThreatAnalytics.1_8.Gateway.EntitySenderEntityBatchBlockSize](/images/Rule.png) | EntitySender 實體批次區塊大小 | Microsoft.AdvancedThreatAnalytics.1_8.Gateway.EntitySenderEntityBatchBlockSize | Microsoft.AdvancedThreatAnalytics.1_8.Gateway | PerformanceCollection | True | False |
![Microsoft.AdvancedThreatAnalytics.1_8.Gateway.EntitySenderEntityBatchSendTime](/images/Rule.png) | EntitySender 實體批次傳送時間 | Microsoft.AdvancedThreatAnalytics.1_8.Gateway.EntitySenderEntityBatchSendTime | Microsoft.AdvancedThreatAnalytics.1_8.Gateway | PerformanceCollection | True | False |
![Microsoft.AdvancedThreatAnalytics.1_8.Gateway.FailedToAuthenticateAgainstCenter](/images/Rule.png) | ATA 閘道無法對 中心進行驗證 | Microsoft.AdvancedThreatAnalytics.1_8.Gateway.FailedToAuthenticateAgainstCenter | Microsoft.AdvancedThreatAnalytics.1_8.Gateway | AvailabilityHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_8.Gateway.FailedToEstablishConnectionToCenter](/images/Rule.png) | ATA 閘道無法建立與 ATA 中心的連線 | Microsoft.AdvancedThreatAnalytics.1_8.Gateway.FailedToEstablishConnectionToCenter | Microsoft.AdvancedThreatAnalytics.1_8.Gateway | AvailabilityHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_8.Gateway.FailedToParseSyslog](/images/Rule.png) | ATA 閘道無法剖析 SIEM Syslog 訊息 | Microsoft.AdvancedThreatAnalytics.1_8.Gateway.FailedToParseSyslog | Microsoft.AdvancedThreatAnalytics.1_8.Gateway | AvailabilityHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_8.Gateway.FailedToQueryDCUsingLDAPProtocol](/images/Rule.png) | ATA 閘道無法使用 LDAP 通訊協定查詢網域控制站 | Microsoft.AdvancedThreatAnalytics.1_8.Gateway.FailedToQueryDCUsingLDAPProtocol | Microsoft.AdvancedThreatAnalytics.1_8.Gateway | AvailabilityHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_8.Gateway.FailedToSynchronizeConfigurationFromCenter](/images/Rule.png) | ATA 閘道無法同步來自 ATA 中心的設定 | Microsoft.AdvancedThreatAnalytics.1_8.Gateway.FailedToSynchronizeConfigurationFromCenter | Microsoft.AdvancedThreatAnalytics.1_8.Gateway | AvailabilityHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_8.Gateway.FailedToValidateCenterCertificateChain](/images/Rule.png) | ATA 閘道無法驗證中心憑證鏈結 | Microsoft.AdvancedThreatAnalytics.1_8.Gateway.FailedToValidateCenterCertificateChain | Microsoft.AdvancedThreatAnalytics.1_8.Gateway | AvailabilityHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_8.Gateway.GatewayDoesNotHaveEnoughMemory](/images/Rule.png) | ATA 閘道的記憶體不足 | Microsoft.AdvancedThreatAnalytics.1_8.Gateway.GatewayDoesNotHaveEnoughMemory | Microsoft.AdvancedThreatAnalytics.1_8.Gateway | AvailabilityHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_8.Gateway.GatewayUpdaterResourceManagerCommitMemoryMaxSize](/images/Rule.png) | GatewayUpdaterResourceManager 認可記憶體大小上限 | Microsoft.AdvancedThreatAnalytics.1_8.Gateway.GatewayUpdaterResourceManagerCommitMemoryMaxSize | Microsoft.AdvancedThreatAnalytics.1_8.Gateway | PerformanceCollection | True | False |
![Microsoft.AdvancedThreatAnalytics.1_8.Gateway.GatewayUpdaterResourceManagerCPUTimeMax_](/images/Rule.png) | GatewayUpdaterResourceManager CPU 時間上限 \% | Microsoft.AdvancedThreatAnalytics.1_8.Gateway.GatewayUpdaterResourceManagerCPUTimeMax_ | Microsoft.AdvancedThreatAnalytics.1_8.Gateway | PerformanceCollection | True | False |
![Microsoft.AdvancedThreatAnalytics.1_8.Gateway.GatewayUpdaterResourceManagerWorkingSetLimitSize](/images/Rule.png) | GatewayUpdaterResourceManager 工作集限制大小 | Microsoft.AdvancedThreatAnalytics.1_8.Gateway.GatewayUpdaterResourceManagerWorkingSetLimitSize | Microsoft.AdvancedThreatAnalytics.1_8.Gateway | PerformanceCollection | True | False |
![Microsoft.AdvancedThreatAnalytics.1_8.Gateway.HostEntryInHOSTSFile](/images/Rule.png) | HOSTS 檔案中有指向電腦簡短名稱的主機項目 | Microsoft.AdvancedThreatAnalytics.1_8.Gateway.HostEntryInHOSTSFile | Microsoft.AdvancedThreatAnalytics.1_8.Gateway | AvailabilityHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_8.Gateway.MessageAnalyzerIsInstalledOnGateway](/images/Rule.png) | 郵件分析器已安裝在 ATA 閘道上 | Microsoft.AdvancedThreatAnalytics.1_8.Gateway.MessageAnalyzerIsInstalledOnGateway | Microsoft.AdvancedThreatAnalytics.1_8.Gateway | AvailabilityHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_8.Gateway.NetworkActivityTranslatorMessageData0BlockSize](/images/Rule.png) | NetworkActivityTranslator 郵件資料 0 區塊大小 | Microsoft.AdvancedThreatAnalytics.1_8.Gateway.NetworkActivityTranslatorMessageData0BlockSize | Microsoft.AdvancedThreatAnalytics.1_8.Gateway | PerformanceCollection | True | False |
![Microsoft.AdvancedThreatAnalytics.1_8.Gateway.NetworkListenerETWDroppedEvents_Sec](/images/Rule.png) | NetworkListener ETW 捨棄的事件/秒 | Microsoft.AdvancedThreatAnalytics.1_8.Gateway.NetworkListenerETWDroppedEvents_Sec | Microsoft.AdvancedThreatAnalytics.1_8.Gateway | PerformanceCollection | True | False |
![Microsoft.AdvancedThreatAnalytics.1_8.Gateway.NetworkListenerPEFDroppedEvents_Sec](/images/Rule.png) | NetworkListener PEF 捨棄的事件/秒 | Microsoft.AdvancedThreatAnalytics.1_8.Gateway.NetworkListenerPEFDroppedEvents_Sec | Microsoft.AdvancedThreatAnalytics.1_8.Gateway | PerformanceCollection | True | False |
![Microsoft.AdvancedThreatAnalytics.1_8.Gateway.NetworkListenerPEFParsedMessages_Sec](/images/Rule.png) | NetworkListener PEF 剖析的郵件/秒 | Microsoft.AdvancedThreatAnalytics.1_8.Gateway.NetworkListenerPEFParsedMessages_Sec | Microsoft.AdvancedThreatAnalytics.1_8.Gateway | PerformanceCollection | True | False |
![Microsoft.AdvancedThreatAnalytics.1_8.Gateway.OtherPendingInstallations](/images/Rule.png) | 電腦上有其他擱置中的安裝 | Microsoft.AdvancedThreatAnalytics.1_8.Gateway.OtherPendingInstallations | Microsoft.AdvancedThreatAnalytics.1_8.Gateway | AvailabilityHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_8.Gateway.PEFWasNotInstalledCorrectly](/images/Rule.png) | 未正確安裝 PEF (郵件分析器) | Microsoft.AdvancedThreatAnalytics.1_8.Gateway.PEFWasNotInstalledCorrectly | Microsoft.AdvancedThreatAnalytics.1_8.Gateway | AvailabilityHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_8.Gateway.PIDsWasEnabledForProcessNamesInGateway](/images/Rule.png) | 已為 ATA 閘道中的處理序名稱啟用 PID | Microsoft.AdvancedThreatAnalytics.1_8.Gateway.PIDsWasEnabledForProcessNamesInGateway | Microsoft.AdvancedThreatAnalytics.1_8.Gateway | AvailabilityHealth | True | True |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.EncryptionDowngradeGoldenTicketSuspiciousActivity](/images/Rule.png) | Microsoft.AdvancedThreatAnalytics.1_8.Center.EncryptionDowngradeGoldenTicketSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_8.Center.EncryptionDowngradeGoldenTicketSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_8.Center | SecurityHealth | False | True |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.EncryptionDowngradeOverPasstheHashSuspiciousActivity](/images/Rule.png) | Microsoft.AdvancedThreatAnalytics.1_8.Center.EncryptionDowngradeOverPasstheHashSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_8.Center.EncryptionDowngradeOverPasstheHashSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_8.Center | SecurityHealth | False | True |
![Microsoft.AdvancedThreatAnalytics.1_8.Center.EncryptionDowngradeSkeletonKeySuspiciousActivity](/images/Rule.png) | Microsoft.AdvancedThreatAnalytics.1_8.Center.EncryptionDowngradeSkeletonKeySuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_8.Center.EncryptionDowngradeSkeletonKeySuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_8.Center | SecurityHealth | False | True |