Home
  •  

Alerta de Monitoramento de Atividades de Evento de Gateway Sobrecarregado

Microsoft.AdvancedThreatAnalytics.1_7.Center.GatewayOverloadedEventActivitiesMonitoringAlert (Rule)

Knowledge Base article:

Resumo

O Gateway do ATA monitora as Atividades de Evento de Entrada.

Causas

O Gateway do ATA não pode processar o tráfego do evento.

Resoluções

Analise os logs e os dados de desempenho para ver porque o Gateway está sobrecarregado. Confira https://docs.microsoft.com/en-us/advanced-threat-analytics/troubleshoot/troubleshooting-ata-using-perf-counters

Element properties:

TargetMicrosoft.AdvancedThreatAnalytics.1_7.Center
CategoryPerformanceHealth
EnabledTrue
Alert GenerateTrue
Alert SeverityWarning
Alert PriorityNormal
RemotableTrue
Alert Message
Alerta de Alerta de Monitoramento de Atividades de Evento de Gateway Sobrecarregado
Alerta da regra do Microsoft ATA 1.7 Center - EventID 1012 - Alerta de Monitoramento das Atividades do Evento do Gateway Sobrecarregado
Event LogMicrosoft ATA

Member Modules:

ID Module Type TypeId RunAs 
Microsoft.Windows.EventCollector DataSource Microsoft.Windows.EventProvider Default
System.Health.GenerateAlert WriteAction System.Health.GenerateAlert Default

Source Code:

<Rule ID="Microsoft.AdvancedThreatAnalytics.1_7.Center.GatewayOverloadedEventActivitiesMonitoringAlert" Target="Microsoft.AdvancedThreatAnalytics.1_7.Center" Enabled="true" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">

  <Category>PerformanceHealth</Category>

  <DataSources>

    <DataSource ID="Microsoft.Windows.EventCollector" TypeID="Windows!Microsoft.Windows.EventProvider">

      <ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>

      <LogName>Microsoft ATA</LogName>

      <AllowProxying>false</AllowProxying>

      <Expression>

        <SimpleExpression>

          <ValueExpression>

            <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>

          </ValueExpression>

          <Operator>Equal</Operator>

          <ValueExpression>

            <Value Type="UnsignedInteger">1012</Value>

          </ValueExpression>

        </SimpleExpression>

      </Expression>

    </DataSource>

  </DataSources>

  <WriteActions>

    <WriteAction ID="System.Health.GenerateAlert" TypeID="Health!System.Health.GenerateAlert">

      <Priority>1</Priority>

      <Severity>1</Severity>

      <AlertMessageId>$MPElement[Name="Microsoft.AdvancedThreatAnalytics.1_7.Center.GatewayOverloadedEventActivitiesMonitoringAlert.AlertMessage"]$</AlertMessageId>

      <AlertParameters>

        <AlertParameter1>$Data/EventDescription$</AlertParameter1>

      </AlertParameters>

    </WriteAction>

  </WriteActions>

</Rule>