Monitoring - Threat detection security events

Microsoft.SystemCenter.ThreatDetection.CollectRuleErrors.SecurityEvent (Rule)

Collects error events from threat detection security event rules for monitoring purposes

Element properties:

Target: Microsoft.Windows.Computer
Category: Custom
Enabled: False
Alert Generate: False
Remotable: False

Member Modules:

ID    Module Type    TypeId                                                          RunAs
DS    DataSource     Microsoft.SystemCenter.CollectRuleErrors                        Default
WA    WriteAction    Microsoft.SystemCenter.DiagnosticsInformationDataWriteAction    Default

Source Code:

<Rule ID="Microsoft.SystemCenter.ThreatDetection.CollectRuleErrors.SecurityEvent" Target="Windows!Microsoft.Windows.Computer" Enabled="false" ConfirmDelivery="false" Remotable="false" Priority="Normal" DiscardLevel="100">
  <Category>Custom</Category>
  <DataSources>
    <DataSource ID="DS" TypeID="Monitoring!Microsoft.SystemCenter.CollectRuleErrors">
      <RuleName>Microsoft.SystemCenter.CollectThreatDetectionSecurityEvent</RuleName>
    </DataSource>
  </DataSources>
  <WriteActions>
    <WriteAction ID="WA" TypeID="IPTypes!Microsoft.SystemCenter.DiagnosticsInformationDataWriteAction"/>
  </WriteActions>
</Rule>