Security Alerts
Microsoft.AdvancedThreatAnalytics.1_7.Center.SecurityAlerts (View)
Element properties:
Source Code:
<View ID="Microsoft.AdvancedThreatAnalytics.1_7.Center.SecurityAlerts" Accessibility="Internal" Enabled="true" Target="Microsoft.AdvancedThreatAnalytics.1_7.Center" TypeID="SC!Microsoft.SystemCenter.AlertViewType" Visible="true">
<Category>Operations</Category>
<Criteria>
<SourceList>
<Source>
<Type>Rule</Type>
<Id>$MPElement[Name="Microsoft.AdvancedThreatAnalytics.1_7.Center.AbnormalBehaviorSuspiciousActivity"]$</Id>
</Source>
<Source>
<Type>Rule</Type>
<Id>$MPElement[Name="Microsoft.AdvancedThreatAnalytics.1_7.Center.AbnormalSmbSuspiciousActivity"]$</Id>
</Source>
<Source>
<Type>Rule</Type>
<Id>$MPElement[Name="Microsoft.AdvancedThreatAnalytics.1_7.Center.AccountEnumerationSuspiciousActivity"]$</Id>
</Source>
<Source>
<Type>Rule</Type>
<Id>$MPElement[Name="Microsoft.AdvancedThreatAnalytics.1_7.Center.BruteForceSuspiciousActivity"]$</Id>
</Source>
<Source>
<Type>Rule</Type>
<Id>$MPElement[Name="Microsoft.AdvancedThreatAnalytics.1_7.Center.ComputerPreauthenticationFailedSuspiciousActivity"]$</Id>
</Source>
<Source>
<Type>Rule</Type>
<Id>$MPElement[Name="Microsoft.AdvancedThreatAnalytics.1_7.Center.DirectoryServicesReplicationSuspiciousActivity"]$</Id>
</Source>
<Source>
<Type>Rule</Type>
<Id>$MPElement[Name="Microsoft.AdvancedThreatAnalytics.1_7.Center.DnsReconnaissanceSuspiciousActivity"]$</Id>
</Source>
<Source>
<Type>Rule</Type>
<Id>$MPElement[Name="Microsoft.AdvancedThreatAnalytics.1_7.Center.EncryptionDowngradeSuspiciousActivity"]$</Id>
</Source>
<Source>
<Type>Rule</Type>
<Id>$MPElement[Name="Microsoft.AdvancedThreatAnalytics.1_7.Center.EncryptionDowngradeSuspiciousActivity_GoldenTicket"]$</Id>
</Source>
<Source>
<Type>Rule</Type>
<Id>$MPElement[Name="Microsoft.AdvancedThreatAnalytics.1_7.Center.EncryptionDowngradeSuspiciousActivity_OverpasstheHash"]$</Id>
</Source>
<Source>
<Type>Rule</Type>
<Id>$MPElement[Name="Microsoft.AdvancedThreatAnalytics.1_7.Center.EncryptionDowngradeSuspiciousActivity_SkeletonKey"]$</Id>
</Source>
<Source>
<Type>Rule</Type>
<Id>$MPElement[Name="Microsoft.AdvancedThreatAnalytics.1_7.Center.EnumerateSessionsSuspiciousActivity"]$</Id>
</Source>
<Source>
<Type>Rule</Type>
<Id>$MPElement[Name="Microsoft.AdvancedThreatAnalytics.1_7.Center.ForgedPacSuspiciousActivity"]$</Id>
</Source>
<Source>
<Type>Rule</Type>
<Id>$MPElement[Name="Microsoft.AdvancedThreatAnalytics.1_7.Center.HoneytokenActivitySuspiciousActivity"]$</Id>
</Source>
<Source>
<Type>Rule</Type>
<Id>$MPElement[Name="Microsoft.AdvancedThreatAnalytics.1_7.Center.LdapSimpleBindCleartextPasswordSuspiciousActivity"]$</Id>
</Source>
<Source>
<Type>Rule</Type>
<Id>$MPElement[Name="Microsoft.AdvancedThreatAnalytics.1_7.Center.MassiveObjectDeletionSuspiciousActivity"]$</Id>
</Source>
<Source>
<Type>Rule</Type>
<Id>$MPElement[Name="Microsoft.AdvancedThreatAnalytics.1_7.Center.PassTheHashSuspiciousActivity"]$</Id>
</Source>
<Source>
<Type>Rule</Type>
<Id>$MPElement[Name="Microsoft.AdvancedThreatAnalytics.1_7.Center.PassTheTicketSuspiciousActivity"]$</Id>
</Source>
<Source>
<Type>Rule</Type>
<Id>$MPElement[Name="Microsoft.AdvancedThreatAnalytics.1_7.Center.RemoteExecutionSuspiciousActivity"]$</Id>
</Source>
<Source>
<Type>Rule</Type>
<Id>$MPElement[Name="Microsoft.AdvancedThreatAnalytics.1_7.Center.RetrieveDataProtectionBackupKeySuspiciousActivity"]$</Id>
</Source>
<Source>
<Type>Rule</Type>
<Id>$MPElement[Name="Microsoft.AdvancedThreatAnalytics.1_7.Center.SamrReconnaissanceSuspiciousActivity"]$</Id>
</Source>
</SourceList>
<ResolutionState>
<StateRange Operator="NotEquals">255</StateRange>
</ResolutionState>
</Criteria>
</View>
Home