La passerelle ATA surveille les activités réseau entrantes.
La passerelle ATA ne peut pas traiter le trafic réseau.
Examinez les journaux et les données de performances pour comprendre pourquoi la passerelle est surchargée. Consultez https://docs.microsoft.com/en-us/advanced-threat-analytics/troubleshoot/troubleshooting-ata-using-perf-counters
| Target | Microsoft.AdvancedThreatAnalytics.1_7.Center | ||
| Category | PerformanceHealth | ||
| Enabled | True | ||
| Alert Generate | True | ||
| Alert Severity | Warning | ||
| Alert Priority | Normal | ||
| Remotable | True | ||
| Alert Message |
| ||
| Event Log | Microsoft ATA |
| ID | Module Type | TypeId | RunAs |
|---|---|---|---|
| Microsoft.Windows.EventCollector | DataSource | Microsoft.Windows.EventProvider | Default |
| System.Health.GenerateAlert | WriteAction | System.Health.GenerateAlert | Default |
Home
FRA <Rule ID="Microsoft.AdvancedThreatAnalytics.1_7.Center.GatewayOverloadedNetworkActivitiesMonitoringAlert" Target="Microsoft.AdvancedThreatAnalytics.1_7.Center" Enabled="true" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">
<Category>PerformanceHealth</Category>
<DataSources>
<DataSource ID="Microsoft.Windows.EventCollector" TypeID="Windows!Microsoft.Windows.EventProvider">
<ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
<LogName>Microsoft ATA</LogName>
<AllowProxying>false</AllowProxying>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="UnsignedInteger">1013</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</DataSource>
</DataSources>
<WriteActions>
<WriteAction ID="System.Health.GenerateAlert" TypeID="Health!System.Health.GenerateAlert">
<Priority>1</Priority>
<Severity>1</Severity>
<AlertMessageId>$MPElement[Name="Microsoft.AdvancedThreatAnalytics.1_7.Center.GatewayOverloadedNetworkActivitiesMonitoringAlert.AlertMessage"]$</AlertMessageId>
<AlertParameters>
<AlertParameter1>$Data/EventDescription$</AlertParameter1>
</AlertParameters>
</WriteAction>
</WriteActions>
</Rule>