Home
  •  

Gateway Capture Network Adapter Faulted Monitoring Alert

Microsoft.AdvancedThreatAnalytics.1_7.Center.GatewayCaptureNetworkAdapterFaultedMonitoringAlert (Rule)

Rule to monitor Microsoft ATA 1.7 Center - EventID 1008 - Gateway Capture Network Adapter Faulted Monitoring Alert

Knowledge Base article:

Summary

The ATA Gateway monitors the capture adapter for faults.

Causes

The ATA Gateway capture adapter has faulted.

Resolutions

Check the ATA Gateway capture adapter for connectivity or other issues.

Element properties:

TargetMicrosoft.AdvancedThreatAnalytics.1_7.Center
CategoryAvailabilityHealth
EnabledTrue
Alert GenerateTrue
Alert SeverityWarning
Alert PriorityNormal
RemotableTrue
Alert Message
Gateway Capture Network Adapter Faulted Monitoring Alert Alert
Alert for rule Microsoft ATA 1.7 Center - EventID 1008 - Gateway Capture Network Adapter Faulted Monitoring Alert

Member Modules:

ID Module Type TypeId RunAs 
Microsoft.Windows.EventCollector DataSource Microsoft.Windows.EventCollector Default
System.Health.GenerateAlert WriteAction System.Health.GenerateAlert Default

Source Code:

<Rule ID="Microsoft.AdvancedThreatAnalytics.1_7.Center.GatewayCaptureNetworkAdapterFaultedMonitoringAlert" Target="Microsoft.AdvancedThreatAnalytics.1_7.Center" Enabled="true" ConfirmDelivery="false" Remotable="true" Priority="Normal" DiscardLevel="100">

  <Category>AvailabilityHealth</Category>

  <DataSources>

    <DataSource ID="Microsoft.Windows.EventCollector" TypeID="Windows!Microsoft.Windows.EventCollector">

      <ComputerName>.</ComputerName>

      <LogName>Microsoft ATA</LogName>

      <AllowProxying>false</AllowProxying>

      <Expression>

        <SimpleExpression>

          <ValueExpression>

            <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>

          </ValueExpression>

          <Operator>Equal</Operator>

          <ValueExpression>

            <Value Type="UnsignedInteger">1008</Value>

          </ValueExpression>

        </SimpleExpression>

      </Expression>

    </DataSource>

  </DataSources>

  <WriteActions>

    <WriteAction ID="System.Health.GenerateAlert" TypeID="Health!System.Health.GenerateAlert">

      <Priority>1</Priority>

      <Severity>1</Severity>

      <AlertMessageId>$MPElement[Name="Microsoft.AdvancedThreatAnalytics.1_7.Center.GatewayCaptureNetworkAdapterFaultedMonitoringAlert.AlertMessage"]$</AlertMessageId>

      <AlertParameters>

        <AlertParameter1>$Data/EventDescription$</AlertParameter1>

      </AlertParameters>

    </WriteAction>

  </WriteActions>

</Rule>