Home
  •  

ATA 1.8 - Center Trafik Almıyor İzleme Uyarısına Yönelik Uyarı Kuralı

Microsoft.AdvancedThreatAnalytics.1_8.Center.CenterNotReceivingTrafficMonitoringAlert (Rule)

Knowledge Base article:

Özet

ATA Gateway, trafik için yakalama bağdaştırıcısını izler.

Nedenler

ATA Gateway, yakalama bağdaştırıcısında trafik almayı durdurdu.

Çözümler

Gateway'in hala trafik aldığından emin olmak için bağlantı noktası yansıtma yapılandırmasını denetleyin.

Element properties:

TargetMicrosoft.AdvancedThreatAnalytics.1_8.Center
CategoryAvailabilityHealth
EnabledTrue
Alert GenerateTrue
Alert SeverityWarning
Alert PriorityNormal
RemotableTrue
Alert Message
Center Trafik Almıyor İzleme Uyarısına Yönelik Uyarı
Olay Açıklaması: {0}
Event LogMicrosoft ATA

Member Modules:

ID Module Type TypeId RunAs 
Microsoft.Windows.EventCollector DataSource Microsoft.Windows.EventProvider Default
System.Health.GenerateAlert WriteAction System.Health.GenerateAlert Default

Source Code:

<Rule ID="Microsoft.AdvancedThreatAnalytics.1_8.Center.CenterNotReceivingTrafficMonitoringAlert" Target="Microsoft.AdvancedThreatAnalytics.1_8.Center" Enabled="true" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">

  <Category>AvailabilityHealth</Category>

  <DataSources>

    <DataSource ID="Microsoft.Windows.EventCollector" TypeID="Windows!Microsoft.Windows.EventProvider">

      <ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>

      <LogName>Microsoft ATA</LogName>

      <AllowProxying>false</AllowProxying>

      <Expression>

        <SimpleExpression>

          <ValueExpression>

            <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>

          </ValueExpression>

          <Operator>Equal</Operator>

          <ValueExpression>

            <Value Type="UnsignedInteger">1017</Value>

          </ValueExpression>

        </SimpleExpression>

      </Expression>

    </DataSource>

  </DataSources>

  <WriteActions>

    <WriteAction ID="System.Health.GenerateAlert" TypeID="Health!System.Health.GenerateAlert">

      <Priority>1</Priority>

      <Severity>1</Severity>

      <AlertMessageId>$MPElement[Name="Microsoft.AdvancedThreatAnalytics.1_8.Center.CenterNotReceivingTrafficMonitoringAlert.AlertMessage"]$</AlertMessageId>

      <AlertParameters>

        <AlertParameter1>$Data/EventDescription$</AlertParameter1>

      </AlertParameters>

    </WriteAction>

  </WriteActions>

</Rule>