ATA Center, en az bir Gateway'in Etki Alanı Eşitleyicisi olarak atandığından emin olmak için izleme gerçekleştirir.
Etki Alanı Eşitleyicisi olarak yapılandırılmış ATA Gateway yok.
İzlenen her etki alanı için en az 1 ATA Gateway'i etki alanı eşitleyicisi olarak yapılandırın.
Target | Microsoft.AdvancedThreatAnalytics.1_7.Center | ||
Category | ConfigurationHealth | ||
Enabled | True | ||
Alert Generate | True | ||
Alert Severity | Warning | ||
Alert Priority | Normal | ||
Remotable | True | ||
Alert Message |
| ||
Event Log | Microsoft ATA |
ID | Module Type | TypeId | RunAs |
---|---|---|---|
Microsoft.Windows.EventCollector | DataSource | Microsoft.Windows.EventProvider | Default |
System.Health.GenerateAlert | WriteAction | System.Health.GenerateAlert | Default |
<Rule ID="Microsoft.AdvancedThreatAnalytics.1_7.Center.DomainSynchronizerNotAssignedMonitoringAlert" Target="Microsoft.AdvancedThreatAnalytics.1_7.Center" Enabled="true" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">
<Category>ConfigurationHealth</Category>
<DataSources>
<DataSource ID="Microsoft.Windows.EventCollector" TypeID="Windows!Microsoft.Windows.EventProvider">
<ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
<LogName>Microsoft ATA</LogName>
<AllowProxying>false</AllowProxying>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="UnsignedInteger">1007</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</DataSource>
</DataSources>
<WriteActions>
<WriteAction ID="System.Health.GenerateAlert" TypeID="Health!System.Health.GenerateAlert">
<Priority>1</Priority>
<Severity>1</Severity>
<AlertMessageId>$MPElement[Name="Microsoft.AdvancedThreatAnalytics.1_7.Center.DomainSynchronizerNotAssignedMonitoringAlert.AlertMessage"]$</AlertMessageId>
<AlertParameters>
<AlertParameter1>$Data/EventDescription$</AlertParameter1>
</AlertParameters>
</WriteAction>
</WriteActions>
</Rule>