Home
  •  

Alerta de Monitoramento de Atividades de Rede de Gateway Sobrecarregado

Microsoft.AdvancedThreatAnalytics.1_7.Center.GatewayOverloadedNetworkActivitiesMonitoringAlert (Rule)

Knowledge Base article:

Resumo

O Gateway do ATA monitora as Atividades de Rede de Entrada.

Causas

O Gateway do ATA não pode processar o tráfego de rede.

Resoluções

Analise os logs e os dados de desempenho para ver porque o Gateway está sobrecarregado. Confira https://docs.microsoft.com/en-us/advanced-threat-analytics/troubleshoot/troubleshooting-ata-using-perf-counters

Element properties:

TargetMicrosoft.AdvancedThreatAnalytics.1_7.Center
CategoryPerformanceHealth
EnabledTrue
Alert GenerateTrue
Alert SeverityWarning
Alert PriorityNormal
RemotableTrue
Alert Message
Alerta de Alerta de Monitoramento de Atividades de Rede de Gateway Sobrecarregado
Alerta da regra do Microsoft ATA 1.7 Center - EventID 1013 - Alerta de Monitoramento das Atividades da Rede do Gateway Sobrecarregado
Event LogMicrosoft ATA

Member Modules:

ID Module Type TypeId RunAs 
Microsoft.Windows.EventCollector DataSource Microsoft.Windows.EventProvider Default
System.Health.GenerateAlert WriteAction System.Health.GenerateAlert Default

Source Code:

<Rule ID="Microsoft.AdvancedThreatAnalytics.1_7.Center.GatewayOverloadedNetworkActivitiesMonitoringAlert" Target="Microsoft.AdvancedThreatAnalytics.1_7.Center" Enabled="true" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">

  <Category>PerformanceHealth</Category>

  <DataSources>

    <DataSource ID="Microsoft.Windows.EventCollector" TypeID="Windows!Microsoft.Windows.EventProvider">

      <ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>

      <LogName>Microsoft ATA</LogName>

      <AllowProxying>false</AllowProxying>

      <Expression>

        <SimpleExpression>

          <ValueExpression>

            <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>

          </ValueExpression>

          <Operator>Equal</Operator>

          <ValueExpression>

            <Value Type="UnsignedInteger">1013</Value>

          </ValueExpression>

        </SimpleExpression>

      </Expression>

    </DataSource>

  </DataSources>

  <WriteActions>

    <WriteAction ID="System.Health.GenerateAlert" TypeID="Health!System.Health.GenerateAlert">

      <Priority>1</Priority>

      <Severity>1</Severity>

      <AlertMessageId>$MPElement[Name="Microsoft.AdvancedThreatAnalytics.1_7.Center.GatewayOverloadedNetworkActivitiesMonitoringAlert.AlertMessage"]$</AlertMessageId>

      <AlertParameters>

        <AlertParameter1>$Data/EventDescription$</AlertParameter1>

      </AlertParameters>

    </WriteAction>

  </WriteActions>

</Rule>