This Rule generates alerts when An insecure configuration was detected
An insecure configuration was detected.
ISA Server uses its own Network Address Translation (NAT) mechanism to fully secure your system. However, ISA Server detected that the operating system NAT driver was not disabled. ISA Server stopped and disabled the driver ('IpNat')
Make sure that the NAT driver is disabled.
Target | Microsoft.ISAServer.2006.Firewall.ServerRole |
Category | EventCollection |
Enabled | True |
Alert Generate | False |
Remotable | True |
ID | Module Type | TypeId | RunAs |
---|---|---|---|
DS | DataSource | Microsoft.ISAServer.2006.Rule.AlertGenerate.DS | Default |
WA | WriteAction | Microsoft.ISAServer.2006.Rule.AlertGenerate.WA | Default |
<Rule ID="Microsoft.ISAServer.2006.An_insecure_configuration_was_detected.Rule" Enabled="onEssentialMonitoring" Target="Microsoft.ISAServer.2006.Firewall.ServerRole" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">
<Category>EventCollection</Category>
<DataSources>
<DataSource ID="DS" TypeID="Microsoft.ISAServer.2006.Rule.AlertGenerate.DS">
<ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
<LogName>Application</LogName>
<EventsPattern>^(14087)$</EventsPattern>
<EventType>1</EventType>
<SourcePattern>Microsoft ISA Server Control</SourcePattern>
</DataSource>
</DataSources>
<WriteActions>
<WriteAction ID="WA" TypeID="Microsoft.ISAServer.2006.Rule.AlertGenerate.WA">
<AlertMessageId>$MPElement[Name="Microsoft.ISAServer.2006.An_insecure_configuration_was_detected.AlertMessage"]$</AlertMessageId>
<DomainName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/DomainDnsName$</DomainName>
<Priority>2</Priority>
<Severity>2</Severity>
</WriteAction>
</WriteActions>
</Rule>