Home
  •  

MultiStringRegMonitorType (UnitMonitorType)

Element properties:

RunAsDefault
AccessibilityInternal
Support Monitor RecalculateFalse

Member Modules:

ID Module Type TypeId RunAs 
RegDS DataSource Security.Monitoring.MultiStringRegistry.DS Default
CDBad ConditionDetection System.ExpressionFilter Default
CDGood ConditionDetection System.ExpressionFilter Default

Overrideable Parameters:

IDParameterTypeSelector
IntervalSecondsint$Config/IntervalSeconds$
SyncTimestring$Config/SyncTime$
RegValuestring$Config/RegValue$

Source Code:

<UnitMonitorType ID="MultiStringRegMonitorType" Accessibility="Internal">

  <MonitorTypeStates>

    <MonitorTypeState ID="RegValueBad" NoDetection="false"/>

    <MonitorTypeState ID="RegValueGood" NoDetection="false"/>

  </MonitorTypeStates>

  <Configuration>

    <xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" minOccurs="1" name="IntervalSeconds" type="xsd:integer"/>

    <xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" minOccurs="0" name="SyncTime" type="xsd:string"/>

    <xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" minOccurs="0" name="RegKey" type="xsd:string"/>

    <xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" minOccurs="0" name="RegAttribute" type="xsd:string"/>

    <xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" minOccurs="0" name="RegValue" type="xsd:string"/>

  </Configuration>

  <OverrideableParameters>

    <OverrideableParameter ID="IntervalSeconds" Selector="$Config/IntervalSeconds$" ParameterType="int"/>

    <OverrideableParameter ID="SyncTime" Selector="$Config/SyncTime$" ParameterType="string"/>

    <OverrideableParameter ID="RegValue" Selector="$Config/RegValue$" ParameterType="string"/>

  </OverrideableParameters>

  <MonitorImplementation>

    <MemberModules>

      <DataSource ID="RegDS" TypeID="Security.Monitoring.MultiStringRegistry.DS">

        <IntervalSeconds>$Config/IntervalSeconds$</IntervalSeconds>

        <SyncTime>$Config/SyncTime$</SyncTime>

        <RegKey>$Config/RegKey$</RegKey>

        <RegAttribute>$Config/RegAttribute$</RegAttribute>

      </DataSource>

      <ConditionDetection ID="CDGood" TypeID="System!System.ExpressionFilter">

        <Expression>

          <SimpleExpression>

            <ValueExpression>

              <XPathQuery Type="String">Property[@Name='AuthPkg']</XPathQuery>

            </ValueExpression>

            <Operator>Equal</Operator>

            <ValueExpression>

              <Value Type="String">$Config/RegValue$</Value>

            </ValueExpression>

          </SimpleExpression>

        </Expression>

      </ConditionDetection>

      <ConditionDetection ID="CDBad" TypeID="System!System.ExpressionFilter">

        <Expression>

          <SimpleExpression>

            <ValueExpression>

              <XPathQuery Type="String">Property[@Name='AuthPkg']</XPathQuery>

            </ValueExpression>

            <Operator>NotEqual</Operator>

            <ValueExpression>

              <Value Type="String">$Config/RegValue$</Value>

            </ValueExpression>

          </SimpleExpression>

        </Expression>

      </ConditionDetection>

    </MemberModules>

    <RegularDetections>

      <RegularDetection MonitorTypeStateID="RegValueBad">

        <Node ID="CDBad">

          <Node ID="RegDS"/>

        </Node>

      </RegularDetection>

      <RegularDetection MonitorTypeStateID="RegValueGood">

        <Node ID="CDGood">

          <Node ID="RegDS"/>

        </Node>

      </RegularDetection>

    </RegularDetections>

  </MonitorImplementation>

</UnitMonitorType>