Home
  •  

Security CSE Processed Successfully

Security_CSE_Processed_Successfully_1_Rule (Rule)

Element properties:

TargetMicrosoft.Windows.Server.GroupPolicy.2003.Windows_2003_Servers_Installation
CategoryEventCollection
EnabledTrue
Event Sourcescecli
Alert GenerateFalse
RemotableTrue
Event LogApplication
CommentMom2005ID='{D328AC1D-F994-470B-9E83-2F18AF48F057}';MOM2005ComputerGroupID={5F37D1D6-F952-4B72-9CCA-6986A3B7B2E3}

Member Modules:

ID Module Type TypeId RunAs 
_F6DA1507_12AF_11D3_AB21_00A0C98620CE_ DataSource Microsoft.Windows.EventProvider Default
CollectEventData WriteAction Microsoft.SystemCenter.CollectEvent Default
CollectEventDataWarehouse WriteAction Microsoft.SystemCenter.DataWarehouse.PublishEventData Default
GenerateAlert WriteAction System.Mom.BackwardCompatibility.AlertResponse Default

Source Code:

<Rule ID="Security_CSE_Processed_Successfully_1_Rule" Comment="Mom2005ID='{D328AC1D-F994-470B-9E83-2F18AF48F057}';MOM2005ComputerGroupID={5F37D1D6-F952-4B72-9CCA-6986A3B7B2E3}" Enabled="true" Target="Microsoft.Windows.Server.GroupPolicy.2003.Windows_2003_Servers_Installation" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">

  <Category>EventCollection</Category>

  <DataSources>

    <DataSource ID="_F6DA1507_12AF_11D3_AB21_00A0C98620CE_" TypeID="WindowsLibrary!Microsoft.Windows.EventProvider">

      <ComputerName>$Target/Host/Property[Type="WindowsLibrary!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>

      <LogName>Application</LogName>

      <Expression>

        <And>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery Type="String">PublisherName</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value>scecli</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

          <Expression>

            <RegExExpression>

              <ValueExpression>

                <XPathQuery Type="Integer">EventDisplayNumber</XPathQuery>

              </ValueExpression>

              <Operator>MatchesMOM2005BooleanRegularExpression</Operator>

              <Pattern>1704|1705</Pattern>

            </RegExExpression>

          </Expression>

        </And>

      </Expression>

    </DataSource>

  </DataSources>

  <WriteActions>

    <WriteAction ID="GenerateAlert" TypeID="MomBackwardCompatibility!System.Mom.BackwardCompatibility.AlertResponse">

      <AlertGeneration>

        <GenerateAlert>false</GenerateAlert>

        <Owner/>

        <Description>

            $Data/EventDescription$

          </Description>

        <AlertLevel>50</AlertLevel>

        <ResolutionState/>

        <Source>

            $Data/PublisherName$

          </Source>

        <Name>Security CSE Processed Successfully</Name>

      </AlertGeneration>

      <InvokerType>0</InvokerType>

    </WriteAction>

    <WriteAction ID="CollectEventData" TypeID="SystemCenterLibrary!Microsoft.SystemCenter.CollectEvent"/>

    <WriteAction ID="CollectEventDataWarehouse" TypeID="DataWarehouseLibrary!Microsoft.SystemCenter.DataWarehouse.PublishEventData"/>

  </WriteActions>

</Rule>