セキュリティ通知
Microsoft.AdvancedThreatAnalytics.1_8.Center.SecurityAlerts (View)
Element properties:
Source Code:
<View ID="Microsoft.AdvancedThreatAnalytics.1_8.Center.SecurityAlerts" Accessibility="Internal" Enabled="true" Target="Microsoft.AdvancedThreatAnalytics.1_8.Center" TypeID="SC!Microsoft.SystemCenter.AlertViewType" Visible="true">
<Category>Operations</Category>
<Criteria>
<SourceList>
<Source>
<Type>Rule</Type>
<Id>$MPElement[Name="Microsoft.AdvancedThreatAnalytics.1_8.Center.AbnormalBehaviorSuspiciousActivity"]$</Id>
</Source>
<Source>
<Type>Rule</Type>
<Id>$MPElement[Name="Microsoft.AdvancedThreatAnalytics.1_8.Center.AbnormalProtocolSuspiciousActivity"]$</Id>
</Source>
<Source>
<Type>Rule</Type>
<Id>$MPElement[Name="Microsoft.AdvancedThreatAnalytics.1_8.Center.AbnormalSensitiveGroupMembershipChangeSuspiciousActivity"]$</Id>
</Source>
<Source>
<Type>Rule</Type>
<Id>$MPElement[Name="Microsoft.AdvancedThreatAnalytics.1_8.Center.AbnormalVpnSuspiciousActivity"]$</Id>
</Source>
<Source>
<Type>Rule</Type>
<Id>$MPElement[Name="Microsoft.AdvancedThreatAnalytics.1_8.Center.AccountEnumerationSuspiciousActivity"]$</Id>
</Source>
<Source>
<Type>Rule</Type>
<Id>$MPElement[Name="Microsoft.AdvancedThreatAnalytics.1_8.Center.BruteForceSuspiciousActivity"]$</Id>
</Source>
<Source>
<Type>Rule</Type>
<Id>$MPElement[Name="Microsoft.AdvancedThreatAnalytics.1_8.Center.ComputerPreauthenticationFailedSuspiciousActivity"]$</Id>
</Source>
<Source>
<Type>Rule</Type>
<Id>$MPElement[Name="Microsoft.AdvancedThreatAnalytics.1_8.Center.DirectoryServicesReplicationSuspiciousActivity"]$</Id>
</Source>
<Source>
<Type>Rule</Type>
<Id>$MPElement[Name="Microsoft.AdvancedThreatAnalytics.1_8.Center.DnsReconnaissanceSuspiciousActivity"]$</Id>
</Source>
<Source>
<Type>Rule</Type>
<Id>$MPElement[Name="Microsoft.AdvancedThreatAnalytics.1_8.Center.EncryptionDowngradeSuspiciousActivity"]$</Id>
</Source>
<Source>
<Type>Rule</Type>
<Id>$MPElement[Name="Microsoft.AdvancedThreatAnalytics.1_8.Center.EnumerateSessionsSuspiciousActivity"]$</Id>
</Source>
<Source>
<Type>Rule</Type>
<Id>$MPElement[Name="Microsoft.AdvancedThreatAnalytics.1_8.Center.ForgedPacSuspiciousActivity"]$</Id>
</Source>
<Source>
<Type>Rule</Type>
<Id>$MPElement[Name="Microsoft.AdvancedThreatAnalytics.1_8.Center.GoldenTicketSuspiciousActivity"]$</Id>
</Source>
<Source>
<Type>Rule</Type>
<Id>$MPElement[Name="Microsoft.AdvancedThreatAnalytics.1_8.Center.HoneytokenActivitySuspiciousActivity"]$</Id>
</Source>
<Source>
<Type>Rule</Type>
<Id>$MPElement[Name="Microsoft.AdvancedThreatAnalytics.1_8.Center.LdapBruteForceSuspiciousActivity"]$</Id>
</Source>
<Source>
<Type>Rule</Type>
<Id>$MPElement[Name="Microsoft.AdvancedThreatAnalytics.1_8.Center.LdapCleartextPasswordSuspiciousActivity"]$</Id>
</Source>
<Source>
<Type>Rule</Type>
<Id>$MPElement[Name="Microsoft.AdvancedThreatAnalytics.1_8.Center.MassiveObjectDeletionSuspiciousActivity"]$</Id>
</Source>
<Source>
<Type>Rule</Type>
<Id>$MPElement[Name="Microsoft.AdvancedThreatAnalytics.1_8.Center.PassTheHashSuspiciousActivity"]$</Id>
</Source>
<Source>
<Type>Rule</Type>
<Id>$MPElement[Name="Microsoft.AdvancedThreatAnalytics.1_8.Center.PassTheTicketSuspiciousActivity"]$</Id>
</Source>
<Source>
<Type>Rule</Type>
<Id>$MPElement[Name="Microsoft.AdvancedThreatAnalytics.1_8.Center.RemoteExecutionSuspiciousActivity"]$</Id>
</Source>
<Source>
<Type>Rule</Type>
<Id>$MPElement[Name="Microsoft.AdvancedThreatAnalytics.1_8.Center.RetrieveDataProtectionBackupKeySuspiciousActivity"]$</Id>
</Source>
<Source>
<Type>Rule</Type>
<Id>$MPElement[Name="Microsoft.AdvancedThreatAnalytics.1_8.Center.SamrReconnaissanceSuspiciousActivity"]$</Id>
</Source>
</SourceList>
<ResolutionState>
<StateRange Operator="NotEquals">255</StateRange>
</ResolutionState>
</Criteria>
</View>
Home
JPN