1.8
The amount of traffic being dropped by the ATA Gateway every second
| Target | Microsoft.AdvancedThreatAnalytics.1_8.Gateway |
| Category | PerformanceCollection |
| Enabled | True |
| Instance Name | Microsoft ATA Gateway |
| Counter Name | NetworkListener ETW Dropped Events/Sec |
| Frequency | 300 |
| Alert Generate | False |
| Remotable | True |
| ID | Module Type | TypeId | RunAs |
|---|---|---|---|
| DS | DataSource | System.Performance.DataProvider | Default |
| WriteToDB | WriteAction | Microsoft.SystemCenter.CollectPerformanceData | Default |
| WriteToDW | WriteAction | Microsoft.SystemCenter.DataWarehouse.PublishPerformanceData | Default |
Home
ENU <Rule ID="Microsoft.AdvancedThreatAnalytics.1_8.Gateway.NetworkListenerETWDroppedEvents_Sec" Enabled="true" Target="Microsoft.AdvancedThreatAnalytics.1_8.Gateway" ConfirmDelivery="false" Remotable="true" Priority="Normal" DiscardLevel="100">
<Category>PerformanceCollection</Category>
<DataSources>
<DataSource ID="DS" TypeID="Perf!System.Performance.DataProvider">
<ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
<CounterName>NetworkListener ETW Dropped Events/Sec</CounterName>
<ObjectName>Microsoft ATA Gateway</ObjectName>
<InstanceName>nt authority\system\microsoft.tri.gateway</InstanceName>
<AllInstances>false</AllInstances>
<Frequency>300</Frequency>
</DataSource>
</DataSources>
<WriteActions>
<WriteAction ID="WriteToDB" TypeID="SC!Microsoft.SystemCenter.CollectPerformanceData"/>
<WriteAction ID="WriteToDW" TypeID="MSDL!Microsoft.SystemCenter.DataWarehouse.PublishPerformanceData"/>
</WriteActions>
</Rule>