| DisplayName | Description | ID | Target | Category | Enabled | Instance Name | Counter Name | Frequency | Event_ID | Event Source | Alert Generate | Alert Severity | Alert Priority | Remotable | Event Log |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Abnormal Behavior Suspicious Activity Alert Rule | | Microsoft.AdvancedThreatAnalytics.1_8.Center.AbnormalBehaviorSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_8.Center | SecurityHealth | False | | | 0 | 0 | | True | Error | Normal | True | Microsoft ATA |
| Abnormal Protocol Suspicious Activity Alert Rule | | Microsoft.AdvancedThreatAnalytics.1_8.Center.AbnormalProtocolSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_8.Center | SecurityHealth | False | | | 0 | 0 | | True | Error | Normal | True | Microsoft ATA |
| Abnormal Sensitive Group Membership Change Suspicious Activity Alert Rule | | Microsoft.AdvancedThreatAnalytics.1_8.Center.AbnormalSensitiveGroupMembershipChangeSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_8.Center | SecurityHealth | False | | | 0 | 0 | | True | Error | Normal | True | Microsoft ATA |
| Abnormal VPN Suspicious Activity Alert Rule | | Microsoft.AdvancedThreatAnalytics.1_8.Center.AbnormalVpnSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_8.Center | SecurityHealth | False | | | 0 | 0 | | True | Error | Normal | True | Microsoft ATA |
| Account Enumeration Suspicious Activity Alert Rule | | Microsoft.AdvancedThreatAnalytics.1_8.Center.AccountEnumerationSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_8.Center | SecurityHealth | False | | | 0 | 0 | | True | Error | Normal | True | Microsoft ATA |
| Brute Force Suspicious Activity Alert Rule | | Microsoft.AdvancedThreatAnalytics.1_8.Center.BruteForceSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_8.Center | SecurityHealth | False | | | 0 | 0 | | True | Error | Normal | True | Microsoft ATA |
| ATA 1.8 - Alert Rule for Center Database Data Drive Free Space Monitoring Alert | | Microsoft.AdvancedThreatAnalytics.1_8.Center.CenterDatabaseDataDriveFreeSpaceMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_8.Center | AvailabilityHealth | True | | | 0 | 0 | | True | Warning | Normal | True | Microsoft ATA |
| ATA 1.8 - Alert Rule for Center Database Disconnected Monitoring Alert | | Microsoft.AdvancedThreatAnalytics.1_8.Center.CenterDatabaseDisconnectedMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_8.Center | AvailabilityHealth | True | | | 0 | 0 | | True | Warning | Normal | True | Microsoft ATA |
| ATA 1.8 - Alert Rule for Center External IP Address Resolution Failure Monitoring Alert | | Microsoft.AdvancedThreatAnalytics.1_8.Center.CenterExternalIpAddressResolutionFailureMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_8.Center | AvailabilityHealth | True | | | 0 | 0 | | True | Warning | Normal | True | Microsoft ATA |
| ATA 1.8 - Alert Rule for Center Mail Monitoring Alert | | Microsoft.AdvancedThreatAnalytics.1_8.Center.CenterMailMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_8.Center | ConfigurationHealth | True | | | 0 | 0 | | True | Warning | Normal | True | Microsoft ATA |
| ATA 1.8 - Alert Rule for Center Not Receiving Traffic Monitoring Alert | | Microsoft.AdvancedThreatAnalytics.1_8.Center.CenterNotReceivingTrafficMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_8.Center | AvailabilityHealth | True | | | 0 | 0 | | True | Warning | Normal | True | Microsoft ATA |
| ATA 1.8 - Alert Rule for Center Overloaded Monitoring Alert | | Microsoft.AdvancedThreatAnalytics.1_8.Center.CenterOverloadedMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_8.Center | PerformanceHealth | True | | | 0 | 0 | | True | Warning | Normal | True | Microsoft ATA |
| ATA 1.8 - Alert Rule for Center Syslog Monitoring Alert | | Microsoft.AdvancedThreatAnalytics.1_8.Center.CenterSyslogMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_8.Center | ConfigurationHealth | True | | | 0 | 0 | | True | Warning | Normal | True | Microsoft ATA |
| ATA 1.8 - Alert Rule for Certificate Expiry Monitoring Alert | | Microsoft.AdvancedThreatAnalytics.1_8.Center.CertificateExpiryMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_8.Center | ConfigurationHealth | True | | | 0 | 0 | | True | Warning | Normal | True | Microsoft ATA |
| Computer Preauthentication Failed Suspicious Activity Alert Rule | | Microsoft.AdvancedThreatAnalytics.1_8.Center.ComputerPreauthenticationFailedSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_8.Center | SecurityHealth | False | | | 0 | 0 | | True | Error | Normal | True | Microsoft ATA |
| Database AtSVC Block Size | 1.8 | Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseAtSvcBlockSize | Microsoft.AdvancedThreatAnalytics.1_8.Center | PerformanceCollection | True | Microsoft ATA Center | Database AtSVC Block Size | 300 | 0 | | False | | | True | |
| Database DirectoryServicesActivity Block Size | 1.8 | Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseDirectoryServicesActivityBlockSize | Microsoft.AdvancedThreatAnalytics.1_8.Center | PerformanceCollection | True | Microsoft ATA Center | Database DirectoryServicesActivity Block Size | 300 | 0 | | False | | | True | |
| Database DNS Block Size | 1.8 | Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseDnsBlockSize | Microsoft.AdvancedThreatAnalytics.1_8.Center | PerformanceCollection | True | Microsoft ATA Center | Database DNS Block Size | 300 | 0 | | False | | | True | |
| Database DRSR Block Size | 1.8 | Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseDrsrBlockSize | Microsoft.AdvancedThreatAnalytics.1_8.Center | PerformanceCollection | True | Microsoft ATA Center | Database DRSR Block Size | 300 | 0 | | False | | | True | |
| Database KerberosAP Block Size | 1.8 | Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseKerberosApBlockSize | Microsoft.AdvancedThreatAnalytics.1_8.Center | PerformanceCollection | True | Microsoft ATA Center | Database KerberosAP Block Size | 300 | 0 | | False | | | True | |
| Database KerberosAS Block Size | 1.8 | Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseKerberosAsBlockSize | Microsoft.AdvancedThreatAnalytics.1_8.Center | PerformanceCollection | True | Microsoft ATA Center | Database KerberosAS Block Size | 300 | 0 | | False | | | True | |
| Database KerberosTGS Block Size | 1.8 | Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseKerberosTgsBlockSize | Microsoft.AdvancedThreatAnalytics.1_8.Center | PerformanceCollection | True | Microsoft ATA Center | Database KerberosTGS Block Size | 300 | 0 | | False | | | True | |
| Database LDAP Block Size | 1.8 | Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseLdapBlockSize | Microsoft.AdvancedThreatAnalytics.1_8.Center | PerformanceCollection | True | Microsoft ATA Center | Database LDAP Block Size | 300 | 0 | | False | | | True | |
| Database LsaRPC Block Size | 1.8 | Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseLsaRpcBlockSize | Microsoft.AdvancedThreatAnalytics.1_8.Center | PerformanceCollection | True | Microsoft ATA Center | Database LsaRPC Block Size | 300 | 0 | | False | | | True | |
| Database Netlogon Block Size | 1.8 | Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseNetlogonBlockSize | Microsoft.AdvancedThreatAnalytics.1_8.Center | PerformanceCollection | True | Microsoft ATA Center | Database Netlogon Block Size | 300 | 0 | | False | | | True | |
| Database NTLM Block Size | 1.8 | Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseNtlmBlockSize | Microsoft.AdvancedThreatAnalytics.1_8.Center | PerformanceCollection | True | Microsoft ATA Center | Database NTLM Block Size | 300 | 0 | | False | | | True | |
| Database NTLMEvent Block Size | 1.8 | Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseNtlmEventBlockSize | Microsoft.AdvancedThreatAnalytics.1_8.Center | PerformanceCollection | True | Microsoft ATA Center | Database NTLMEvent Block Size | 300 | 0 | | False | | | True | |
| Database ServiceControl Block Size | 1.8 | Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseServiceControlBlockSize | Microsoft.AdvancedThreatAnalytics.1_8.Center | PerformanceCollection | True | Microsoft ATA Center | Database ServiceControl Block Size | 300 | 0 | | False | | | True | |
| Database SMB Block Size | 1.8 | Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseSmbBlockSize | Microsoft.AdvancedThreatAnalytics.1_8.Center | PerformanceCollection | True | Microsoft ATA Center | Database SMB Block Size | 300 | 0 | | False | | | True | |
| Database SrvSVC Block Size | 1.8 | Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseSrvSvcBlockSize | Microsoft.AdvancedThreatAnalytics.1_8.Center | PerformanceCollection | True | Microsoft ATA Center | Database SrvSVC Block Size | 300 | 0 | | False | | | True | |
| Database TaskScheduler Block Size | 1.8 | Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseTaskSchedulerBlockSize | Microsoft.AdvancedThreatAnalytics.1_8.Center | PerformanceCollection | True | Microsoft ATA Center | Database TaskScheduler Block Size | 300 | 0 | | False | | | True | |
| Directory Services Replication Suspicious Activity Alert Rule | | Microsoft.AdvancedThreatAnalytics.1_8.Center.DirectoryServicesReplicationSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_8.Center | SecurityHealth | False | | | 0 | 0 | | True | Error | Normal | True | Microsoft ATA |
| DNS Reconnaissance Suspicious Activity Alert Rule | | Microsoft.AdvancedThreatAnalytics.1_8.Center.DnsReconnaissanceSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_8.Center | SecurityHealth | False | | | 0 | 0 | | True | Error | Normal | True | Microsoft ATA |
| Encryption Downgrade Suspicious Activity Alert Rule | | Microsoft.AdvancedThreatAnalytics.1_8.Center.EncryptionDowngradeSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_8.Center | SecurityHealth | False | | | 0 | 0 | | True | Error | Normal | True | Microsoft ATA |
| EntityProfiler Network Activity Block Size | 1.8 | Microsoft.AdvancedThreatAnalytics.1_8.Center.EntityProfilerNetworkActivityBlockSize | Microsoft.AdvancedThreatAnalytics.1_8.Center | PerformanceCollection | True | Microsoft ATA Center | EntityProfiler Network Activity Block Size | 300 | 0 | | False | | | True | |
| EntityReceiver Entity Batch Block Size | 1.8 | Microsoft.AdvancedThreatAnalytics.1_8.Center.EntityReceiverEntityBatchBlockSize | Microsoft.AdvancedThreatAnalytics.1_8.Center | PerformanceCollection | True | Microsoft ATA Center | EntityReceiver Entity Batch Block Size | 300 | 0 | | False | | | True | |
| Encryption Downgrade Suspicious Activity (Golden Ticket) Alert Rule | | Microsoft.AdvancedThreatAnalytics.1_8.Center.EnumerateSessionsSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_8.Center | SecurityHealth | False | | | 0 | 0 | | True | Error | Normal | True | Microsoft ATA |
| Encryption Downgrade Suspicious Activity (Overpass-the-Hash) Alert Rule | | Microsoft.AdvancedThreatAnalytics.1_8.Center.ForgedPacSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_8.Center | SecurityHealth | False | | | 0 | 0 | | True | Error | Normal | True | Microsoft ATA |
| ATA 1.8 - Alert Rule for Gateway Capture Network Adapter Faulted Monitoring Alert | | Microsoft.AdvancedThreatAnalytics.1_8.Center.GatewayCaptureNetworkAdapterFaultedMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_8.Center | AvailabilityHealth | True | | | 0 | 0 | | True | Warning | Normal | True | Microsoft ATA |
| ATA 1.8 - Alert Rule for Gateway Capture Network Adapter Missing Monitoring Alert | | Microsoft.AdvancedThreatAnalytics.1_8.Center.GatewayCaptureNetworkAdapterMissingMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_8.Center | ConfigurationHealth | True | | | 0 | 0 | | True | Warning | Normal | True | Microsoft ATA |
| ATA 1.8 - Alert Rule for Gateway Directory Services Client Account Password Expiry Monitoring Alert | | Microsoft.AdvancedThreatAnalytics.1_8.Center.GatewayDirectoryServicesClientAccountPasswordExpiryMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_8.Center | ConfigurationHealth | True | | | 0 | 0 | | True | Warning | Normal | True | Microsoft ATA |
| ATA 1.8 - Alert Rule for Gateway Directory Services Client Connectivity Monitoring Alert | | Microsoft.AdvancedThreatAnalytics.1_8.Center.GatewayDirectoryServicesClientConnectivityMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_8.Center | AvailabilityHealth | True | | | 0 | 0 | | True | Warning | Normal | True | Microsoft ATA |
| ATA 1.8 - Alert Rule for Gateway Disconnected Monitoring Alert | | Microsoft.AdvancedThreatAnalytics.1_8.Center.GatewayDisconnectedMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_8.Center | AvailabilityHealth | True | | | 0 | 0 | | True | Warning | Normal | True | Microsoft ATA |
| ATA 1.8 - Alert Rule for Gateway Domain Synchronizer Not Assigned Monitoring Alert | | Microsoft.AdvancedThreatAnalytics.1_8.Center.GatewayDomainSynchronizerNotAssignedMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_8.Center | ConfigurationHealth | True | | | 0 | 0 | | True | Warning | Normal | True | Microsoft ATA |
| ATA 1.8 - Alert Rule for Gateway Low Memory Monitoring Alert | | Microsoft.AdvancedThreatAnalytics.1_8.Center.GatewayLowMemoryMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_8.Center | PerformanceHealth | True | | | 0 | 0 | | True | Warning | Normal | True | Microsoft ATA |
| ATA 1.8 - Alert Rule for Gateway Overloaded Event Activities Monitoring Alert | | Microsoft.AdvancedThreatAnalytics.1_8.Center.GatewayOverloadedEventActivitiesMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_8.Center | PerformanceHealth | True | | | 0 | 0 | | True | Warning | Normal | True | Microsoft ATA |
| ATA 1.8 - Alert Rule for Gateway Overloaded Network Activities Monitoring Alert | | Microsoft.AdvancedThreatAnalytics.1_8.Center.GatewayOverloadedNetworkActivitiesMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_8.Center | PerformanceHealth | True | | | 0 | 0 | | True | Warning | Normal | True | Microsoft ATA |
| ATA 1.8 - Alert Rule for Gateway Radius Event Listener Monitoring Alert | | Microsoft.AdvancedThreatAnalytics.1_8.Center.GatewayRadiusEventListenerMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_8.Center | AvailabilityHealth | True | | | 0 | 0 | | True | Warning | Normal | True | Microsoft ATA |
| ATA 1.8 - Alert Rule for Gateways Outdated Monitoring Alert | | Microsoft.AdvancedThreatAnalytics.1_8.Center.GatewaysOutdatedMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_8.Center | ConfigurationHealth | True | | | 0 | 0 | | True | Warning | Normal | True | Microsoft ATA |
| ATA 1.8 - Alert Rule for Gateway Start Failure Monitoring Alert | | Microsoft.AdvancedThreatAnalytics.1_8.Center.GatewayStartFailureMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_8.Center | AvailabilityHealth | True | | | 0 | 0 | | True | Warning | Normal | True | Microsoft ATA |
| ATA 1.8 - Alert Rule for Gateway Syslog Event Listener Monitoring Alert | | Microsoft.AdvancedThreatAnalytics.1_8.Center.GatewaySyslogEventListenerMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_8.Center | AvailabilityHealth | True | | | 0 | 0 | | True | Warning | Normal | True | Microsoft ATA |
| Encryption Downgrade Suspicious Activity (Skeleton Key) Alert Rule | | Microsoft.AdvancedThreatAnalytics.1_8.Center.GoldenTicketSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_8.Center | SecurityHealth | False | | | 0 | 0 | | True | Error | Normal | True | Microsoft ATA |
| Enumerate Sessions Suspicious Activity Alert Rule | | Microsoft.AdvancedThreatAnalytics.1_8.Center.HoneytokenActivitySuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_8.Center | SecurityHealth | False | | | 0 | 0 | | True | Error | Normal | True | Microsoft ATA |
| Forged PAC Suspicious Activity Alert Rule | | Microsoft.AdvancedThreatAnalytics.1_8.Center.LdapBruteForceSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_8.Center | SecurityHealth | False | | | 0 | 0 | | True | Error | Normal | True | Microsoft ATA |
| Honeytoken Activity Suspicious Activity Alert Rule | | Microsoft.AdvancedThreatAnalytics.1_8.Center.LdapCleartextPasswordSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_8.Center | SecurityHealth | False | | | 0 | 0 | | True | Error | Normal | True | Microsoft ATA |
| LDAP Simple Bind Cleartext Password Suspicious Activity Alert Rule | | Microsoft.AdvancedThreatAnalytics.1_8.Center.MassiveObjectDeletionSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_8.Center | SecurityHealth | False | | | 0 | 0 | | True | Error | Normal | True | Microsoft ATA |
| NetworkActivityProcessor Network Activity Block Size | 1.8 | Microsoft.AdvancedThreatAnalytics.1_8.Center.NetworkActivityProcessorNetworkActivityBlockSize | Microsoft.AdvancedThreatAnalytics.1_8.Center | PerformanceCollection | True | Microsoft ATA Center | NetworkActivityProcessor Network Activity Block Size | 300 | 0 | | False | | | True | |
| Massive Object Deletion Suspicious Activity Alert Rule | | Microsoft.AdvancedThreatAnalytics.1_8.Center.PassTheHashSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_8.Center | SecurityHealth | False | | | 0 | 0 | | True | Error | Normal | True | Microsoft ATA |
| Pass-the-Hash Suspicious Activity Alert Rule | | Microsoft.AdvancedThreatAnalytics.1_8.Center.PassTheTicketSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_8.Center | SecurityHealth | False | | | 0 | 0 | | True | Error | Normal | True | Microsoft ATA |
| Pass-the-Ticket Suspicious Activity Alert Rule | | Microsoft.AdvancedThreatAnalytics.1_8.Center.RemoteExecutionSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_8.Center | SecurityHealth | False | | | 0 | 0 | | True | Error | Normal | True | Microsoft ATA |
| Remote Execution Suspicious Activity Alert Rule | | Microsoft.AdvancedThreatAnalytics.1_8.Center.RetrieveDataProtectionBackupKeySuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_8.Center | SecurityHealth | False | | | 0 | 0 | | True | Error | Normal | True | Microsoft ATA |
| Retrieve Data Protection Backup Key Suspicious Activity Alert Rule | | Microsoft.AdvancedThreatAnalytics.1_8.Center.SamrReconnaissanceSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_8.Center | SecurityHealth | False | | | 0 | 0 | | True | Error | Normal | True | Microsoft ATA |
| ATA Gateway failed to authenticate against the domain controller | Rule for monitoring the Microsoft ATA 1.8 Gateway - ATA Gateway failed to authenticate against the domain controller | Microsoft.AdvancedThreatAnalytics.1_8.Gateway.ActiveDirectoryAuthenticationFailure | Microsoft.AdvancedThreatAnalytics.1_8.Gateway | AvailabilityHealth | True | | | 0 | 0 | | True | Error | Normal | True | |
| Counters may be disabled in the registry | Rule for monitoring the Microsoft ATA 1.8 Gateway - Counters may be disabled in the registry | Microsoft.AdvancedThreatAnalytics.1_8.Gateway.CountersDisabled | Microsoft.AdvancedThreatAnalytics.1_8.Gateway | AvailabilityHealth | True | | | 0 | 0 | | True | Error | Normal | True | |
| EntityResolver Activity Block Size | 1.8 | Microsoft.AdvancedThreatAnalytics.1_8.Gateway.EntityResolverActivityBlockSize | Microsoft.AdvancedThreatAnalytics.1_8.Gateway | PerformanceCollection | True | Microsoft ATA Gateway | EntityResolver Activity Block Size | 300 | 0 | | False | | | True | |
| EntitySender Entity Batch Block Size | 1.8 | Microsoft.AdvancedThreatAnalytics.1_8.Gateway.EntitySenderEntityBatchBlockSize | Microsoft.AdvancedThreatAnalytics.1_8.Gateway | PerformanceCollection | True | Microsoft ATA Gateway | EntitySender Entity Batch Block Size | 300 | 0 | | False | | | True | |
| EntitySender Entity Batch Send Time | 1.8 | Microsoft.AdvancedThreatAnalytics.1_8.Gateway.EntitySenderEntityBatchSendTime | Microsoft.AdvancedThreatAnalytics.1_8.Gateway | PerformanceCollection | True | Microsoft ATA Gateway | EntitySender Entity Batch Send Time | 300 | 0 | | False | | | True | |
| ATA Gateway failed to authenticate against the Center | Rule for monitoring the Microsoft ATA 1.8 Gateway - ATA Gateway failed to authenticate against the Center | Microsoft.AdvancedThreatAnalytics.1_8.Gateway.FailedToAuthenticateAgainstCenter | Microsoft.AdvancedThreatAnalytics.1_8.Gateway | AvailabilityHealth | True | | | 0 | 0 | | True | Error | Normal | True | |
| ATA Gateway failed to establish a connection to the ATA Center | Rule for monitoring the Microsoft ATA 1.8 Gateway - ATA Gateway failed to establish a connection to the ATA Center | Microsoft.AdvancedThreatAnalytics.1_8.Gateway.FailedToEstablishConnectionToCenter | Microsoft.AdvancedThreatAnalytics.1_8.Gateway | AvailabilityHealth | True | | | 0 | 0 | | True | Error | Normal | True | |
| ATA Gateway failed to parse SIEM Syslog messages | Rule for monitoring the Microsoft ATA 1.8 Gateway - ATA Gateway failed to parse SIEM Syslog messages | Microsoft.AdvancedThreatAnalytics.1_8.Gateway.FailedToParseSyslog | Microsoft.AdvancedThreatAnalytics.1_8.Gateway | AvailabilityHealth | True | | | 0 | 0 | | True | Error | Normal | True | |
| ATA Gateway failed to query the domain controller using the LDAP protocol | Rule for monitoring the Microsoft ATA 1.8 Gateway - ATA Gateway failed to query the domain controller using the LDAP protocol | Microsoft.AdvancedThreatAnalytics.1_8.Gateway.FailedToQueryDCUsingLDAPProtocol | Microsoft.AdvancedThreatAnalytics.1_8.Gateway | AvailabilityHealth | True | | | 0 | 0 | | True | Error | Normal | True | |
| ATA Gateway failed to synchronize configuration from the ATA Center | Rule for monitoring the Microsoft ATA 1.8 Gateway - ATA Gateway failed to synchronize configuration from the ATA Center | Microsoft.AdvancedThreatAnalytics.1_8.Gateway.FailedToSynchronizeConfigurationFromCenter | Microsoft.AdvancedThreatAnalytics.1_8.Gateway | AvailabilityHealth | True | | | 0 | 0 | | True | Error | Normal | True | |
| ATA Gateway failed to validate the Center certificate chain | Rule for monitoring the Microsoft ATA 1.8 Gateway - ATA Gateway failed to validate the Center certificate chain | Microsoft.AdvancedThreatAnalytics.1_8.Gateway.FailedToValidateCenterCertificateChain | Microsoft.AdvancedThreatAnalytics.1_8.Gateway | AvailabilityHealth | True | | | 0 | 0 | | True | Error | Normal | True | |
| ATA Gateway does not have enough memory | Rule for monitoring the Microsoft ATA 1.8 Gateway - ATA Gateway does not have enough memory | Microsoft.AdvancedThreatAnalytics.1_8.Gateway.GatewayDoesNotHaveEnoughMemory | Microsoft.AdvancedThreatAnalytics.1_8.Gateway | AvailabilityHealth | True | | | 0 | 0 | | True | Error | Normal | True | |
| GatewayUpdaterResourceManager Commit Memory Max Size | 1.8 | Microsoft.AdvancedThreatAnalytics.1_8.Gateway.GatewayUpdaterResourceManagerCommitMemoryMaxSize | Microsoft.AdvancedThreatAnalytics.1_8.Gateway | PerformanceCollection | True | Microsoft ATA Gateway Updater | GatewayUpdaterResourceManager Commit Memory Max Size | 300 | 0 | | False | | | True | |
| GatewayUpdaterResourceManager CPU Time Max % | 1.8 | Microsoft.AdvancedThreatAnalytics.1_8.Gateway.GatewayUpdaterResourceManagerCPUTimeMax_ | Microsoft.AdvancedThreatAnalytics.1_8.Gateway | PerformanceCollection | True | Microsoft ATA Gateway Updater | GatewayUpdaterResourceManager CPU Time Max % | 300 | 0 | | False | | | True | |
| GatewayUpdaterResourceManager Working Set Limit Size | 1.8 | Microsoft.AdvancedThreatAnalytics.1_8.Gateway.GatewayUpdaterResourceManagerWorkingSetLimitSize | Microsoft.AdvancedThreatAnalytics.1_8.Gateway | PerformanceCollection | True | Microsoft ATA Gateway Updater | GatewayUpdaterResourceManager Working Set Limit Size | 300 | 0 | | False | | | True | |
| The HOSTS file contains a host entry pointing to the computer's short name | Rule for monitoring the Microsoft ATA 1.8 Gateway - The HOSTS file contains a host entry pointing to the computer's short name | Microsoft.AdvancedThreatAnalytics.1_8.Gateway.HostEntryInHOSTSFile | Microsoft.AdvancedThreatAnalytics.1_8.Gateway | AvailabilityHealth | True | | | 0 | 0 | | True | Error | Normal | True | |
| Message Analyzer is installed on the ATA Gateway | Rule for monitoring the Microsoft ATA 1.8 Gateway - Message Analyzer is installed on the ATA Gateway | Microsoft.AdvancedThreatAnalytics.1_8.Gateway.MessageAnalyzerIsInstalledOnGateway | Microsoft.AdvancedThreatAnalytics.1_8.Gateway | AvailabilityHealth | True | | | 0 | 0 | | True | Error | Normal | True | |
| NetworkActivityTranslator Message Data 0 Block Size | 1.8 | Microsoft.AdvancedThreatAnalytics.1_8.Gateway.NetworkActivityTranslatorMessageData0BlockSize | Microsoft.AdvancedThreatAnalytics.1_8.Gateway | PerformanceCollection | True | Microsoft ATA Gateway | NetworkActivityTranslator Message Data 0 Block Size | 300 | 0 | | False | | | True | |
| NetworkListener ETW Dropped Events/Sec | 1.8 | Microsoft.AdvancedThreatAnalytics.1_8.Gateway.NetworkListenerETWDroppedEvents_Sec | Microsoft.AdvancedThreatAnalytics.1_8.Gateway | PerformanceCollection | True | Microsoft ATA Gateway | NetworkListener ETW Dropped Events/Sec | 300 | 0 | | False | | | True | |
| NetworkListener PEF Dropped Events/Sec | 1.8 | Microsoft.AdvancedThreatAnalytics.1_8.Gateway.NetworkListenerPEFDroppedEvents_Sec | Microsoft.AdvancedThreatAnalytics.1_8.Gateway | PerformanceCollection | True | Microsoft ATA Gateway | NetworkListener PEF Dropped Events/Sec | 300 | 0 | | False | | | True | |
| NetworkListener PEF Parsed Messages/Sec | 1.8 | Microsoft.AdvancedThreatAnalytics.1_8.Gateway.NetworkListenerPEFParsedMessages_Sec | Microsoft.AdvancedThreatAnalytics.1_8.Gateway | PerformanceCollection | True | Microsoft ATA Gateway | NetworkListener PEF Parsed Messages/Sec | 300 | 0 | | False | | | True | |
| Other pending installations exist on the computer | Rule for monitoring the Microsoft ATA 1.8 Gateway - Other pending installations exist on the computer | Microsoft.AdvancedThreatAnalytics.1_8.Gateway.OtherPendingInstallations | Microsoft.AdvancedThreatAnalytics.1_8.Gateway | AvailabilityHealth | True | | | 0 | 0 | | True | Error | Normal | True | |
| PEF (Message Analyzer) was not installed correctly | Rule for monitoring the Microsoft ATA 1.8 Gateway - PEF (Message Analyzer) was not installed correctly | Microsoft.AdvancedThreatAnalytics.1_8.Gateway.PEFWasNotInstalledCorrectly | Microsoft.AdvancedThreatAnalytics.1_8.Gateway | AvailabilityHealth | True | | | 0 | 0 | | True | Error | Normal | True | |
| PIDs are enabled for process names on the ATA Gateway | Rule for monitoring the Microsoft ATA 1.8 Gateway - PIDs are enabled for process names on the ATA Gateway | Microsoft.AdvancedThreatAnalytics.1_8.Gateway.PIDsWasEnabledForProcessNamesInGateway | Microsoft.AdvancedThreatAnalytics.1_8.Gateway | AvailabilityHealth | True | | | 0 | 0 | | True | Error | Normal | True | |
| Microsoft.AdvancedThreatAnalytics.1_8.Center.EncryptionDowngradeGoldenTicketSuspiciousActivity | | Microsoft.AdvancedThreatAnalytics.1_8.Center.EncryptionDowngradeGoldenTicketSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_8.Center | SecurityHealth | False | | | 0 | 0 | | True | Error | Normal | True | Microsoft ATA |
| Microsoft.AdvancedThreatAnalytics.1_8.Center.EncryptionDowngradeOverPasstheHashSuspiciousActivity | | Microsoft.AdvancedThreatAnalytics.1_8.Center.EncryptionDowngradeOverPasstheHashSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_8.Center | SecurityHealth | False | | | 0 | 0 | | True | Error | Normal | True | Microsoft ATA |
| Microsoft.AdvancedThreatAnalytics.1_8.Center.EncryptionDowngradeSkeletonKeySuspiciousActivity | | Microsoft.AdvancedThreatAnalytics.1_8.Center.EncryptionDowngradeSkeletonKeySuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_8.Center | SecurityHealth | False | | | 0 | 0 | | True | Error | Normal | True | Microsoft ATA |