Tamaño de bloque de NTLM de base de datos - Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseNtlmBlockSize.PerformanceHealth (UnitMonitor) (ESN)

Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseNtlmBlockSize.PerformanceHealth (UnitMonitor)

Monitor de rendimiento para el tamaño de bloque de NTLM de base de datos del Centro de Microsoft ATA 1.9

Knowledge Base article:

Resumen

Cantidad de actividades de red de un tipo específico en cola para escribirse en la base de datos.

Debe ser inferior al valor máximo de -1 (valor máximo predeterminado: 50 000).

Element properties:

Target

Microsoft.AdvancedThreatAnalytics.1_9.Center

Parent Monitor

System.Health.PerformanceState

Category

PerformanceHealth

Enabled

True

Instance Name

Microsoft ATA Center

Counter Name

Database NTLM Block Size

Frequency

Alert Generate

True

Alert Severity

Warning

Alert Priority

Normal

Alert Auto Resolve

True

Monitor Type

System.Performance.ConsecutiveSamplesThreshold

Remotable

True

Accessibility

Public

Alert Message

Alerta de tamaño de bloque de NTLM de base de datos

Instancia {0}
Objeto {1}
Contador {2}
Tiene un valor {3}
Hora {4}

RunAs

Default

Source Code:

<UnitMonitor ID="Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseNtlmBlockSize.PerformanceHealth" Accessibility="Public" Enabled="true" Target="Microsoft.AdvancedThreatAnalytics.1_9.Center" ParentMonitorID="Health!System.Health.PerformanceState" Remotable="true" Priority="Normal" TypeID="Perf!System.Performance.ConsecutiveSamplesThreshold" ConfirmDelivery="false"> <Category>PerformanceHealth</Category> <AlertSettings AlertMessage="Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseNtlmBlockSize.PerformanceHealth.Alert"> <AlertOnState>Warning</AlertOnState> <AutoResolve>true</AutoResolve> <AlertPriority>Normal</AlertPriority> <AlertSeverity>Warning</AlertSeverity> <AlertParameters> <AlertParameter1>$Data[Default='']/Context/InstanceName$</AlertParameter1> <AlertParameter2>$Data[Default='']/Context/ObjectName$</AlertParameter2> <AlertParameter3>$Data[Default='']/Context/CounterName$</AlertParameter3> <AlertParameter4>$Data[Default='']/Context/SampleValue$</AlertParameter4> <AlertParameter5>$Data[Default='']/Context/TimeSampled$</AlertParameter5> </AlertParameters> </AlertSettings> <OperationalStates> <OperationalState ID="ConditionFalse" MonitorTypeStateID="ConditionFalse" HealthState="Success"/> <OperationalState ID="ConditionTrue" MonitorTypeStateID="ConditionTrue" HealthState="Warning"/> </OperationalStates> <Configuration> <ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName> <CounterName>Database NTLM Block Size</CounterName> <ObjectName>Microsoft ATA Center</ObjectName> <InstanceName>nt authority\system\microsoft.tri.center</InstanceName> <AllInstances>false</AllInstances> <Frequency>60</Frequency> <Threshold>50000</Threshold> <Direction>greater</Direction> <NumSamples>1</NumSamples> </Configuration> </UnitMonitor>