| DisplayName | ID | Target | Category | Enabled | Alert Generate |
| --- | --- | --- | --- | --- | --- |
| Abnormal behavior suspicious activity rule | Microsoft.AdvancedThreatAnalytics.1_9.Center.AbnormalBehaviorSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_9.Center | SecurityHealth | False | True |
| Abnormal protocol suspicious activity rule | Microsoft.AdvancedThreatAnalytics.1_9.Center.AbnormalProtocolSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_9.Center | SecurityHealth | False | True |
| Abnormal sensitive group membership change suspicious activity rule | Microsoft.AdvancedThreatAnalytics.1_9.Center.AbnormalSensitiveGroupMembershipChangeSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_9.Center | SecurityHealth | False | True |
| Abnormal VPN suspicious activity rule | Microsoft.AdvancedThreatAnalytics.1_9.Center.AbnormalVpnSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_9.Center | SecurityHealth | False | True |
| Account enumeration suspicious activity rule | Microsoft.AdvancedThreatAnalytics.1_9.Center.AccountEnumerationSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_9.Center | SecurityHealth | False | True |
| Brute force attack suspicious activity rule | Microsoft.AdvancedThreatAnalytics.1_9.Center.BruteForceSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_9.Center | SecurityHealth | False | True |
| Center database data drive free space monitoring alert rule | Microsoft.AdvancedThreatAnalytics.1_9.Center.CenterDatabaseDataDriveFreeSpaceMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_9.Center | AvailabilityHealth | True | True |
| Center database disconnected monitoring alert rule | Microsoft.AdvancedThreatAnalytics.1_9.Center.CenterDatabaseDisconnectedMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_9.Center | AvailabilityHealth | True | True |
| Center external IP address resolution failure monitoring alert rule | Microsoft.AdvancedThreatAnalytics.1_9.Center.CenterExternalIpAddressResolutionFailureMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_9.Center | AvailabilityHealth | True | True |
| Center mail monitoring alert rule | Microsoft.AdvancedThreatAnalytics.1_9.Center.CenterMailMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_9.Center | ConfigurationHealth | True | True |
| Center not receiving traffic monitoring alert rule | Microsoft.AdvancedThreatAnalytics.1_9.Center.CenterNotReceivingTrafficMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_9.Center | AvailabilityHealth | True | True |
| Center overloaded monitoring alert rule | Microsoft.AdvancedThreatAnalytics.1_9.Center.CenterOverloadedMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceHealth | True | True |
| Center syslog monitoring alert rule | Microsoft.AdvancedThreatAnalytics.1_9.Center.CenterSyslogMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_9.Center | ConfigurationHealth | True | True |
| Certificate expiry monitoring alert rule | Microsoft.AdvancedThreatAnalytics.1_9.Center.CertificateExpiryMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_9.Center | ConfigurationHealth | True | True |
| Database AtSVC block size | Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseAtSvcBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | False |
| Database DNS block size | Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseDnsBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | False |
| Database DRSR block size | Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseDrsrBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | False |
| Database GroupMembershipChangeEvent block size | Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseGroupMembershipChangeEventBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | False |
| Database KerberosAP block size | Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseKerberosApBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | False |
| Database KerberosAS block size | Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseKerberosAsBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | False |
| Database KerberosTGS block size | Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseKerberosTgsBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | False |
| Database LDAP block size | Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseLdapBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | False |
| Database LogicalActivity block size | Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseLogicalActivityBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | False |
| Database LogonEvent block size | Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseLogonEventBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | False |
| Database LsaRPC block size | Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseLsaRpcBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | False |
| Database Netlogon block size | Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseNetlogonBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | False |
| Database NTLM block size | Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseNtlmBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | False |
| Database NTLMEvent block size | Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseNtlmEventBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | False |
| Database SAMR block size | Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseSAMRBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | False |
| Database ServiceControl block size | Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseServiceControlBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | False |
| Database ServiceInstalledEvent block size | Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseServiceInstalledEventBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | False |
| Database SMB block size | Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseSmbBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | False |
| Database SrvSVC block size | Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseSrvSvcBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | False |
| Database TaskScheduler block size | Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseTaskSchedulerBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | False |
| Database VpnAuthenticationEvent block size | Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseVpnAuthenticationEventBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | False |
| Database Wmi block size | Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseWmiBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | False |
| Directory services replication suspicious activity rule | Microsoft.AdvancedThreatAnalytics.1_9.Center.DirectoryServicesReplicationSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_9.Center | SecurityHealth | False | True |
| DNS reconnaissance suspicious activity rule | Microsoft.AdvancedThreatAnalytics.1_9.Center.DnsReconnaissanceSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_9.Center | SecurityHealth | False | True |
| Encryption downgrade (Golden Ticket) suspicious activity rule | Microsoft.AdvancedThreatAnalytics.1_9.Center.EncryptionDowngradeGoldenTicketSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_9.Center | SecurityHealth | False | True |
| Encryption downgrade (Overpass-the-Hash) suspicious activity rule | Microsoft.AdvancedThreatAnalytics.1_9.Center.EncryptionDowngradeOverPasstheHashSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_9.Center | SecurityHealth | False | True |
| Encryption downgrade (Skeleton Key) suspicious activity rule | Microsoft.AdvancedThreatAnalytics.1_9.Center.EncryptionDowngradeSkeletonKeySuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_9.Center | SecurityHealth | False | True |
| Encryption downgrade suspicious activity rule | Microsoft.AdvancedThreatAnalytics.1_9.Center.EncryptionDowngradeSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_9.Center | SecurityHealth | False | True |
| EntityProfiler event activity block size | Microsoft.AdvancedThreatAnalytics.1_9.Center.EntityProfilerEventActivityBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | False |
| EntityProfiler logical activity block size | Microsoft.AdvancedThreatAnalytics.1_9.Center.EntityProfilerLogicalActivityBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | False |
| EntityProfiler network activity block size | Microsoft.AdvancedThreatAnalytics.1_9.Center.EntityProfilerNetworkActivityBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | False |
| EntityReceiver entity batch block size | Microsoft.AdvancedThreatAnalytics.1_9.Center.EntityReceiverEntityBatchBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | False |
| Session enumeration suspicious activity rule | Microsoft.AdvancedThreatAnalytics.1_9.Center.EnumerateSessionsSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_9.Center | SecurityHealth | False | True |
| EventActivityProcessor event activity block size | Microsoft.AdvancedThreatAnalytics.1_9.Center.EventActivityProcessorEventActivityBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | False |
| EventActivityProcessor postponed event activity block size | Microsoft.AdvancedThreatAnalytics.1_9.Center.EventActivityProcessorPostponedEventActivityBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | False |
| Forged PAC suspicious activity rule | Microsoft.AdvancedThreatAnalytics.1_9.Center.ForgedPacSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_9.Center | SecurityHealth | False | True |
| Gateway capture network adapter faulted monitoring alert rule | Microsoft.AdvancedThreatAnalytics.1_9.Center.GatewayCaptureNetworkAdapterFaultedMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_9.Center | AvailabilityHealth | True | True |
| Gateway capture network adapter missing monitoring alert rule | Microsoft.AdvancedThreatAnalytics.1_9.Center.GatewayCaptureNetworkAdapterMissingMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_9.Center | ConfigurationHealth | True | True |
| Gateway directory services client account password expiry monitoring alert rule | Microsoft.AdvancedThreatAnalytics.1_9.Center.GatewayDirectoryServicesClientAccountPasswordExpiryMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_9.Center | ConfigurationHealth | True | True |
| Gateway directory services client connectivity monitoring alert rule | Microsoft.AdvancedThreatAnalytics.1_9.Center.GatewayDirectoryServicesClientConnectivityMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_9.Center | AvailabilityHealth | True | True |
| Gateway disconnected monitoring alert rule | Microsoft.AdvancedThreatAnalytics.1_9.Center.GatewayDisconnectedMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_9.Center | AvailabilityHealth | True | True |
| Gateway domain synchronizer not assigned monitoring alert rule | Microsoft.AdvancedThreatAnalytics.1_9.Center.GatewayDomainSynchronizerNotAssignedMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_9.Center | ConfigurationHealth | True | True |
| Gateway low memory monitoring alert rule | Microsoft.AdvancedThreatAnalytics.1_9.Center.GatewayLowMemoryMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceHealth | True | True |
| Gateway overloaded event activities monitoring alert rule | Microsoft.AdvancedThreatAnalytics.1_9.Center.GatewayOverloadedEventActivitiesMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceHealth | True | True |
| Gateway overloaded network activities monitoring alert rule | Microsoft.AdvancedThreatAnalytics.1_9.Center.GatewayOverloadedNetworkActivitiesMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceHealth | True | True |
| Gateway RADIUS event listener monitoring alert rule | Microsoft.AdvancedThreatAnalytics.1_9.Center.GatewayRadiusEventListenerMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_9.Center | AvailabilityHealth | True | True |
| Gateways outdated monitoring alert rule | Microsoft.AdvancedThreatAnalytics.1_9.Center.GatewaysOutdatedMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_9.Center | ConfigurationHealth | True | True |
| Gateway start failure monitoring alert rule | Microsoft.AdvancedThreatAnalytics.1_9.Center.GatewayStartFailureMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_9.Center | AvailabilityHealth | True | True |
| Gateway syslog event listener monitoring alert rule | Microsoft.AdvancedThreatAnalytics.1_9.Center.GatewaySyslogEventListenerMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_9.Center | AvailabilityHealth | True | True |
| Encryption downgrade (Skeleton Key) suspicious activity rule | Microsoft.AdvancedThreatAnalytics.1_9.Center.GoldenTicketSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_9.Center | SecurityHealth | False | True |
| Suspicious activity rule (Golden Ticket) | Microsoft.AdvancedThreatAnalytics.1_9.Center.HoneytokenActivitySuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_9.Center | SecurityHealth | False | True |
| LDAP brute force attack suspicious activity alert rule | Microsoft.AdvancedThreatAnalytics.1_9.Center.LdapBruteForceSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_9.Center | SecurityHealth | False | True |
| LogicalActivityTranslator event activity block size | Microsoft.AdvancedThreatAnalytics.1_9.Center.LogicalActivityTranslatorEventActivityBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | False |
| LogicalActivityTranslator network activity block size | Microsoft.AdvancedThreatAnalytics.1_9.Center.LogicalActivityTranslatorNetworkActivityBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | False |
| LogicalActivityTranslator unique entity block size | Microsoft.AdvancedThreatAnalytics.1_9.Center.LogicalActivityTranslatorUniqueEntityBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | False |
| Malicious service creation suspicious activity rule | Microsoft.AdvancedThreatAnalytics.1_9.Center.MaliciousServiceCreationSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_9.Center | SecurityHealth | False | True |
| Massive object deletion suspicious activity rule | Microsoft.AdvancedThreatAnalytics.1_9.Center.MassiveObjectDeletionSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_9.Center | SecurityHealth | False | True |
| NetworkActivityProcessor network activity block size | Microsoft.AdvancedThreatAnalytics.1_9.Center.NetworkActivityProcessorNetworkActivityBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | False |
| NetworkActivityProcessor postponed network activity block size | Microsoft.AdvancedThreatAnalytics.1_9.Center.NetworkActivityProcessorPostponedNetworkActivityBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | False |
| Pass-the-Hash suspicious activity rule | Microsoft.AdvancedThreatAnalytics.1_9.Center.PassTheHashSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_9.Center | SecurityHealth | False | True |
| Pass-the-Ticket suspicious activity rule | Microsoft.AdvancedThreatAnalytics.1_9.Center.PassTheTicketSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_9.Center | SecurityHealth | False | True |
| Remote execution suspicious activity rule | Microsoft.AdvancedThreatAnalytics.1_9.Center.RemoteExecutionSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_9.Center | SecurityHealth | False | True |
| Data protection backup key retrieval suspicious activity rule | Microsoft.AdvancedThreatAnalytics.1_9.Center.RetrieveDataProtectionBackupKeySuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_9.Center | SecurityHealth | False | True |
| SAMR reconnaissance suspicious activity rule | Microsoft.AdvancedThreatAnalytics.1_9.Center.SamrReconnaissanceSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_9.Center | SecurityHealth | False | True |
| UniqueEntityProcessor unique entity block size | Microsoft.AdvancedThreatAnalytics.1_9.Center.UniqueEntityProcessorUniqueEntityBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | False |
| ATA Gateway failed to authenticate against the domain controller | Microsoft.AdvancedThreatAnalytics.1_9.Gateway.ActiveDirectoryAuthenticationFailure | Microsoft.AdvancedThreatAnalytics.1_9.Gateway | AvailabilityHealth | True | True |
| Counters may be disabled in the registry | Microsoft.AdvancedThreatAnalytics.1_9.Gateway.CountersDisabled | Microsoft.AdvancedThreatAnalytics.1_9.Gateway | AvailabilityHealth | True | True |
| EntityResolver activity block size | Microsoft.AdvancedThreatAnalytics.1_9.Gateway.EntityResolverActivityBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Gateway | PerformanceCollection | True | False |
| EntitySender entity batch block size | Microsoft.AdvancedThreatAnalytics.1_9.Gateway.EntitySenderEntityBatchBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Gateway | PerformanceCollection | True | False |
| EntitySender entity batch send time | Microsoft.AdvancedThreatAnalytics.1_9.Gateway.EntitySenderEntityBatchSendTime | Microsoft.AdvancedThreatAnalytics.1_9.Gateway | PerformanceCollection | True | False |
| ATA Gateway failed to authenticate against Center | Microsoft.AdvancedThreatAnalytics.1_9.Gateway.FailedToAuthenticateAgainstCenter | Microsoft.AdvancedThreatAnalytics.1_9.Gateway | AvailabilityHealth | True | True |
| ATA Gateway failed to establish a connection to ATA Center | Microsoft.AdvancedThreatAnalytics.1_9.Gateway.FailedToEstablishConnectionToCenter | Microsoft.AdvancedThreatAnalytics.1_9.Gateway | AvailabilityHealth | True | True |
| ATA Gateway failed to parse the SIEM syslog message | Microsoft.AdvancedThreatAnalytics.1_9.Gateway.FailedToParseSyslog | Microsoft.AdvancedThreatAnalytics.1_9.Gateway | AvailabilityHealth | True | True |
| ATA Gateway failed to query the domain controller using the LDAP protocol | Microsoft.AdvancedThreatAnalytics.1_9.Gateway.FailedToQueryDCUsingLDAPProtocol | Microsoft.AdvancedThreatAnalytics.1_9.Gateway | AvailabilityHealth | True | True |
| ATA Gateway failed to synchronize the configuration from ATA Center | Microsoft.AdvancedThreatAnalytics.1_9.Gateway.FailedToSynchronizeConfigurationFromCenter | Microsoft.AdvancedThreatAnalytics.1_9.Gateway | AvailabilityHealth | True | True |
| ATA Gateway failed to validate the Center certificate chain | Microsoft.AdvancedThreatAnalytics.1_9.Gateway.FailedToValidateCenterCertificateChain | Microsoft.AdvancedThreatAnalytics.1_9.Gateway | AvailabilityHealth | True | True |
| ATA Gateway does not have enough memory | Microsoft.AdvancedThreatAnalytics.1_9.Gateway.GatewayDoesNotHaveEnoughMemory | Microsoft.AdvancedThreatAnalytics.1_9.Gateway | AvailabilityHealth | True | True |
| GatewayUpdaterResourceManager commit memory max size | Microsoft.AdvancedThreatAnalytics.1_9.Gateway.GatewayUpdaterResourceManagerCommitMemoryMaxSize | Microsoft.AdvancedThreatAnalytics.1_9.Gateway | PerformanceCollection | True | False |
| GatewayUpdaterResourceManager max CPU time in % | Microsoft.AdvancedThreatAnalytics.1_9.Gateway.GatewayUpdaterResourceManagerCPUTimeMax_ | Microsoft.AdvancedThreatAnalytics.1_9.Gateway | PerformanceCollection | True | False |
| GatewayUpdaterResourceManager working set limit size | Microsoft.AdvancedThreatAnalytics.1_9.Gateway.GatewayUpdaterResourceManagerWorkingSetLimitSize | Microsoft.AdvancedThreatAnalytics.1_9.Gateway | PerformanceCollection | True | False |
| A host entry in the HOSTS file points to the computer's short name. | Microsoft.AdvancedThreatAnalytics.1_9.Gateway.HostEntryInHOSTSFile | Microsoft.AdvancedThreatAnalytics.1_9.Gateway | AvailabilityHealth | True | True |
| Message Analyzer is installed on the ATA Gateway. | Microsoft.AdvancedThreatAnalytics.1_9.Gateway.MessageAnalyzerIsInstalledOnGateway | Microsoft.AdvancedThreatAnalytics.1_9.Gateway | AvailabilityHealth | True | True |
| Block size 0 for NetworkActivityTranslator message data | Microsoft.AdvancedThreatAnalytics.1_9.Gateway.NetworkActivityTranslatorMessageData0BlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Gateway | PerformanceCollection | True | False |
| NetworkListener ETW dropped events/sec | Microsoft.AdvancedThreatAnalytics.1_9.Gateway.NetworkListenerETWDroppedEvents_Sec | Microsoft.AdvancedThreatAnalytics.1_9.Gateway | PerformanceCollection | True | False |
| NetworkListener PEF dropped events/sec | Microsoft.AdvancedThreatAnalytics.1_9.Gateway.NetworkListenerPEFDroppedEvents_Sec | Microsoft.AdvancedThreatAnalytics.1_9.Gateway | PerformanceCollection | True | False |
| NetworkListener PEF parsed messages/sec | Microsoft.AdvancedThreatAnalytics.1_9.Gateway.NetworkListenerPEFParsedMessages_Sec | Microsoft.AdvancedThreatAnalytics.1_9.Gateway | PerformanceCollection | True | False |
| Other installations are still pending on your computer | Microsoft.AdvancedThreatAnalytics.1_9.Gateway.OtherPendingInstallations | Microsoft.AdvancedThreatAnalytics.1_9.Gateway | AvailabilityHealth | True | True |
| PEF (Message Analyzer) was not installed correctly | Microsoft.AdvancedThreatAnalytics.1_9.Gateway.PEFWasNotInstalledCorrectly | Microsoft.AdvancedThreatAnalytics.1_9.Gateway | AvailabilityHealth | True | True |
| PIDs were enabled for process names in the ATA Gateway | Microsoft.AdvancedThreatAnalytics.1_9.Gateway.PIDsWasEnabledForProcessNamesInGateway | Microsoft.AdvancedThreatAnalytics.1_9.Gateway | AvailabilityHealth | True | True |
| RadiusEventActivityTranslator RADIUS packet block size | Microsoft.AdvancedThreatAnalytics.1_9.Gateway.RadiusEventActivityTranslatorRadiusPacketBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Gateway | PerformanceCollection | True | False |
| SyslogEventActivityTranslator string block size | Microsoft.AdvancedThreatAnalytics.1_9.Gateway.SyslogEventActivityTranslatorStringBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Gateway | PerformanceCollection | True | False |
| WefEventActivityTranslator string block size | Microsoft.AdvancedThreatAnalytics.1_9.Gateway.WefEventActivityTranslatorStringBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Gateway | PerformanceCollection | True | False |