REST Request Performance Collection Rule

Microsoft.Windows.10.SDNMonitoring.RestRequestPerformanceCollectionRule (Rule)

REST response performance collection rule

Knowledge Base article:

Summary

This rule collects how many REST requests were made to the Network Controller. A sudden spike may be an indicator of malicious activity.

Causes

One of the possible causes may be unauthorized or malicious access to the Network Controller REST service.

Resolutions

Review the recent requests to the Network Controller and ensure that only valid and benign users are accessing the service.

© 2016 Microsoft Corporation, all rights reserved

Element properties:

Target: SDNMonitoringMP.SDNMonitoring.NetworkControllerClusterNode
Category: PerformanceCollection
Enabled: True
Instance Name: Network Controller
Counter Name: REST Requests Received/sec
Frequency: 900
Alert Generate: False
Remotable: True

Member Modules:

ID           Module Type  TypeId                                                        RunAs
DS           DataSource   System.Performance.OptimizedDataProvider                      Default
CollectToDB  WriteAction  Microsoft.SystemCenter.CollectPerformanceData                 Default
CollectToDW  WriteAction  Microsoft.SystemCenter.DataWarehouse.PublishPerformanceData   Default

Source Code:

<Rule ID="Microsoft.Windows.10.SDNMonitoring.RestRequestPerformanceCollectionRule" Target="SDNMonitoringMP.SDNMonitoring.NetworkControllerClusterNode" Enabled="true" ConfirmDelivery="false" Remotable="true" Priority="Normal" DiscardLevel="100">
  <Category>PerformanceCollection</Category>
  <DataSources>
    <DataSource ID="DS" TypeID="Perf!System.Performance.OptimizedDataProvider">
      <ComputerName>$Target/Property[Type="SDNMonitoringMP.SDNMonitoring.NetworkControllerClusterNode"]/Id$</ComputerName>
      <CounterName>REST Requests Received/sec</CounterName>
      <ObjectName>Network Controller</ObjectName>
      <InstanceName/>
      <AllInstances>false</AllInstances>
      <Frequency>900</Frequency>
      <Tolerance>0</Tolerance>
      <ToleranceType>Absolute</ToleranceType>
      <MaximumSampleSeparation>1</MaximumSampleSeparation>
    </DataSource>
  </DataSources>
  <WriteActions>
    <WriteAction ID="CollectToDB" TypeID="SC!Microsoft.SystemCenter.CollectPerformanceData"/>
    <WriteAction ID="CollectToDW" TypeID="SCDW!Microsoft.SystemCenter.DataWarehouse.PublishPerformanceData"/>
  </WriteActions>
</Rule>