Advanced Threat Analytics 1.8 Seed Discovery

Microsoft.AdvancedThreatAnalytics.1_8.Seed.Discovery (Discovery)

Discovers the Microsoft ATA 1.8 seed class using the registry.

Knowledge Base article:

Summary

This discovery finds Microsoft ATA seed class instances and their properties on a computer.

Element properties:

Target     Microsoft.Windows.Server.OperatingSystem
Enabled    True
Frequency  14400
Remotable  False

Object Discovery Details:

Discovered Classes and their attributes:

Member Modules:

ID  Module Type  TypeId                                               RunAs
DS  DataSource   Microsoft.Windows.FilteredRegistryDiscoveryProvider  Default

Source Code:

<Discovery ID="Microsoft.AdvancedThreatAnalytics.1_8.Seed.Discovery" Enabled="true" Target="Windows!Microsoft.Windows.Server.OperatingSystem" ConfirmDelivery="true" Remotable="false" Priority="Normal">
  <Category>Discovery</Category>
  <DiscoveryTypes>
    <DiscoveryClass TypeID="Microsoft.AdvancedThreatAnalytics.1_8.Seed"/>
  </DiscoveryTypes>
  <DataSource ID="DS" TypeID="Windows!Microsoft.Windows.FilteredRegistryDiscoveryProvider">
    <ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/PrincipalName$</ComputerName>
    <RegistryAttributeDefinitions>
      <RegistryAttributeDefinition>
        <AttributeName>ATA</AttributeName>
        <Path>SOFTWARE\Microsoft\Microsoft Advanced Threat Analytics</Path>
        <PathType>0</PathType>
        <AttributeType>0</AttributeType>
      </RegistryAttributeDefinition>
    </RegistryAttributeDefinitions>
    <Frequency>14400</Frequency>
    <ClassId>$MPElement[Name="Microsoft.AdvancedThreatAnalytics.1_8.Seed"]$</ClassId>
    <InstanceSettings>
      <Settings>
        <Setting>
          <Name>$MPElement[Name="Windows!Microsoft.Windows.Computer"]/PrincipalName$</Name>
          <Value>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/PrincipalName$</Value>
        </Setting>
        <Setting>
          <Name>$MPElement[Name="System!System.Entity"]/DisplayName$</Name>
          <Value>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/PrincipalName$</Value>
        </Setting>
      </Settings>
    </InstanceSettings>
    <Expression>
      <SimpleExpression>
        <ValueExpression>
          <XPathQuery Type="Boolean">Values/ATA</XPathQuery>
        </ValueExpression>
        <Operator>Equal</Operator>
        <ValueExpression>
          <Value Type="Boolean">true</Value>
        </ValueExpression>
      </SimpleExpression>
    </Expression>
  </DataSource>
</Discovery>