Home
  •  

Règle d'alerte de monitoring d'expiration du mot de passe du compte client des services d'annuaire

Microsoft.AdvancedThreatAnalytics.1_7.Center.DirectoryServicesClientAccountPasswordExpiryMonitoringAlert (Rule)

Knowledge Base article:

Résumé

Le centre ATA surveille l'expiration du mot de passe du compte de service.

Causes

le mot de passe du compte de service ATA est sur le point d'expirer.

Résolutions

Mettez à jour le mot de passe du compte de service ATA et réinitilisez le mot de passe dans la console ATA. Consultez https://docs.microsoft.com/en-us/advanced-threat-analytics/deploy-use/modifying-ata-config-dcpassword

Element properties:

TargetMicrosoft.AdvancedThreatAnalytics.1_7.Center
CategoryConfigurationHealth
EnabledTrue
Alert GenerateTrue
Alert SeverityWarning
Alert PriorityNormal
RemotableTrue
Alert Message
Alerte de surveillance d'expiration du mot de passe du compte client des services d'annuaire
Description de l'événement : {0}
Event LogMicrosoft ATA

Member Modules:

ID Module Type TypeId RunAs 
Microsoft.Windows.EventCollector DataSource Microsoft.Windows.EventProvider Default
System.Health.GenerateAlert WriteAction System.Health.GenerateAlert Default

Source Code:

<Rule ID="Microsoft.AdvancedThreatAnalytics.1_7.Center.DirectoryServicesClientAccountPasswordExpiryMonitoringAlert" Target="Microsoft.AdvancedThreatAnalytics.1_7.Center" Enabled="true" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">

  <Category>ConfigurationHealth</Category>

  <DataSources>

    <DataSource ID="Microsoft.Windows.EventCollector" TypeID="Windows!Microsoft.Windows.EventProvider">

      <ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>

      <LogName>Microsoft ATA</LogName>

      <AllowProxying>false</AllowProxying>

      <Expression>

        <SimpleExpression>

          <ValueExpression>

            <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>

          </ValueExpression>

          <Operator>Equal</Operator>

          <ValueExpression>

            <Value Type="UnsignedInteger">1006</Value>

          </ValueExpression>

        </SimpleExpression>

      </Expression>

    </DataSource>

  </DataSources>

  <WriteActions>

    <WriteAction ID="System.Health.GenerateAlert" TypeID="Health!System.Health.GenerateAlert">

      <Priority>1</Priority>

      <Severity>1</Severity>

      <AlertMessageId>$MPElement[Name="Microsoft.AdvancedThreatAnalytics.1_7.Center.DirectoryServicesClientAccountPasswordExpiryMonitoringAlert.AlertMessage"]$</AlertMessageId>

      <AlertParameters>

        <AlertParameter1>$Data/EventDescription$</AlertParameter1>

      </AlertParameters>

    </WriteAction>

  </WriteActions>

</Rule>