ScanRealtimeEngineMapE
ScanRealtimeEngineMapE_1_Rule (Rule)
Knowledge Base article:
Element properties:
Member Modules:
Source Code:
<Rule ID="ScanRealtimeEngineMapE_1_Rule" Target="Microsoft.ForeFront.SharePoint.Forefront_Security_for_SharePoint_Installation" Enabled="true" ConfirmDelivery="true" Comment="Mom2005ID='{065A4DE6-6574-42C8-9518-DF107D88F5BC}';MOM2005ComputerGroupID={5E34E22D-A892-4026-A670-EB628BE392D5}">
<Category>EventCollection</Category>
<DataSources>
<DataSource ID="_F6DA1507_12AF_11D3_AB21_00A0C98620CE_" Comment="{F6DA1507-12AF-11D3-AB21-00A0C98620CE}" TypeID="WindowsLibrary!Microsoft.Windows.EventProvider">
<ComputerName>$Target/Host/Property[Type="WindowsLibrary!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
<LogName>Application</LogName>
<Expression>
<And>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="Integer">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>5030</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">PublisherName</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>FSCRealtimeScanner</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</Expression>
</DataSource>
</DataSources>
<WriteActions>
<WriteAction ID="GenerateAlert" TypeID="MomBackwardCompatibility!System.Mom.BackwardCompatibility.AlertResponse">
<AlertGeneration>
<GenerateAlert>true</GenerateAlert>
<Owner/>
<Description>
$Data/EventDescription$
</Description>
<AlertLevel>50</AlertLevel>
<ResolutionState/>
<Source>
$Data/PublisherName$
</Source>
<Name>ScanRealtimeEngineMapE</Name>
<CustomFields>
<CustomField>Microsoft Forefront Server Security</CustomField>
<CustomField>Forefront Security For SharePoint</CustomField>
<CustomField>ScanJobFailure</CustomField>
<CustomField/>
<CustomField/>
</CustomFields>
</AlertGeneration>
<InvokerType>0</InvokerType>
</WriteAction>
<WriteAction ID="CollectEventData" TypeID="SystemCenterLibrary!Microsoft.SystemCenter.CollectEvent"/>
<WriteAction ID="CollectEventDataWarehouse" TypeID="DataWarehouseLibrary!Microsoft.SystemCenter.DataWarehouse.PublishEventData"/>
</WriteActions>
</Rule>