Home
  •  

All Rules in Microsoft.AdvancedThreatAnalytics.1_8 Management Pack

 DisplayNameDescriptionIDTargetCategoryEnabledInstance NameCounter NameFrequencyEvent_IDEvent SourceAlert GenerateAlert SeverityAlert PriorityRemotableEvent Log
Microsoft.AdvancedThreatAnalytics.1_8.Center.AbnormalBehaviorSuspiciousActivityAbnormal Behavior Suspicious Activity RuleMicrosoft.AdvancedThreatAnalytics.1_8.Center.AbnormalBehaviorSuspiciousActivityMicrosoft.AdvancedThreatAnalytics.1_8.CenterSecurityHealthFalse00TrueErrorNormalTrueMicrosoft ATA
Microsoft.AdvancedThreatAnalytics.1_8.Center.AbnormalProtocolSuspiciousActivityAbnormal Protocol Suspicious Activity RuleMicrosoft.AdvancedThreatAnalytics.1_8.Center.AbnormalProtocolSuspiciousActivityMicrosoft.AdvancedThreatAnalytics.1_8.CenterSecurityHealthFalse00TrueErrorNormalTrueMicrosoft ATA
Microsoft.AdvancedThreatAnalytics.1_8.Center.AbnormalSensitiveGroupMembershipChangeSuspiciousActivityAbnormal Sensitive Group Membership Change Suspicious Activity RuleMicrosoft.AdvancedThreatAnalytics.1_8.Center.AbnormalSensitiveGroupMembershipChangeSuspiciousActivityMicrosoft.AdvancedThreatAnalytics.1_8.CenterSecurityHealthFalse00TrueErrorNormalTrueMicrosoft ATA
Microsoft.AdvancedThreatAnalytics.1_8.Center.AbnormalVpnSuspiciousActivityAbnormal Vpn Suspicious Activity RuleMicrosoft.AdvancedThreatAnalytics.1_8.Center.AbnormalVpnSuspiciousActivityMicrosoft.AdvancedThreatAnalytics.1_8.CenterSecurityHealthFalse00TrueErrorNormalTrueMicrosoft ATA
Microsoft.AdvancedThreatAnalytics.1_8.Center.AccountEnumerationSuspiciousActivityAccount Enumeration Suspicious Activity RuleMicrosoft.AdvancedThreatAnalytics.1_8.Center.AccountEnumerationSuspiciousActivityMicrosoft.AdvancedThreatAnalytics.1_8.CenterSecurityHealthFalse00TrueErrorNormalTrueMicrosoft ATA
Microsoft.AdvancedThreatAnalytics.1_8.Center.BruteForceSuspiciousActivityBrute Force Suspicious Activity RuleMicrosoft.AdvancedThreatAnalytics.1_8.Center.BruteForceSuspiciousActivityMicrosoft.AdvancedThreatAnalytics.1_8.CenterSecurityHealthFalse00TrueErrorNormalTrueMicrosoft ATA
Microsoft.AdvancedThreatAnalytics.1_8.Center.CenterDatabaseDataDriveFreeSpaceMonitoringAlertCenter Database Data Drive Free Space Monitoring Alert RuleMicrosoft.AdvancedThreatAnalytics.1_8.Center.CenterDatabaseDataDriveFreeSpaceMonitoringAlertMicrosoft.AdvancedThreatAnalytics.1_8.CenterAvailabilityHealthTrue00TrueWarningNormalTrueMicrosoft ATA
Microsoft.AdvancedThreatAnalytics.1_8.Center.CenterDatabaseDisconnectedMonitoringAlertCenter Database Disconnected Monitoring Alert RuleMicrosoft.AdvancedThreatAnalytics.1_8.Center.CenterDatabaseDisconnectedMonitoringAlertMicrosoft.AdvancedThreatAnalytics.1_8.CenterAvailabilityHealthTrue00TrueWarningNormalTrueMicrosoft ATA
Microsoft.AdvancedThreatAnalytics.1_8.Center.CenterExternalIpAddressResolutionFailureMonitoringAlertCenter External Ip Address Resolution Failure Monitoring Alert RuleMicrosoft.AdvancedThreatAnalytics.1_8.Center.CenterExternalIpAddressResolutionFailureMonitoringAlertMicrosoft.AdvancedThreatAnalytics.1_8.CenterAvailabilityHealthTrue00TrueWarningNormalTrueMicrosoft ATA
Microsoft.AdvancedThreatAnalytics.1_8.Center.CenterMailMonitoringAlertCenter Mail Monitoring Alert RuleMicrosoft.AdvancedThreatAnalytics.1_8.Center.CenterMailMonitoringAlertMicrosoft.AdvancedThreatAnalytics.1_8.CenterConfigurationHealthTrue00TrueWarningNormalTrueMicrosoft ATA
Microsoft.AdvancedThreatAnalytics.1_8.Center.CenterNotReceivingTrafficMonitoringAlertCenter Not Receiving Traffic Monitoring Alert RuleMicrosoft.AdvancedThreatAnalytics.1_8.Center.CenterNotReceivingTrafficMonitoringAlertMicrosoft.AdvancedThreatAnalytics.1_8.CenterAvailabilityHealthTrue00TrueWarningNormalTrueMicrosoft ATA
Microsoft.AdvancedThreatAnalytics.1_8.Center.CenterOverloadedMonitoringAlertCenter Overloaded Monitoring Alert RuleMicrosoft.AdvancedThreatAnalytics.1_8.Center.CenterOverloadedMonitoringAlertMicrosoft.AdvancedThreatAnalytics.1_8.CenterPerformanceHealthTrue00TrueWarningNormalTrueMicrosoft ATA
Microsoft.AdvancedThreatAnalytics.1_8.Center.CenterSyslogMonitoringAlertCenter Syslog Monitoring Alert RuleMicrosoft.AdvancedThreatAnalytics.1_8.Center.CenterSyslogMonitoringAlertMicrosoft.AdvancedThreatAnalytics.1_8.CenterConfigurationHealthTrue00TrueWarningNormalTrueMicrosoft ATA
Microsoft.AdvancedThreatAnalytics.1_8.Center.CertificateExpiryMonitoringAlertCertificate Expiry Monitoring Alert RuleMicrosoft.AdvancedThreatAnalytics.1_8.Center.CertificateExpiryMonitoringAlertMicrosoft.AdvancedThreatAnalytics.1_8.CenterConfigurationHealthTrue00TrueWarningNormalTrueMicrosoft ATA
Microsoft.AdvancedThreatAnalytics.1_8.Center.ComputerPreauthenticationFailedSuspiciousActivityComputer Pre-Authentication Failed Suspicious Activity RuleMicrosoft.AdvancedThreatAnalytics.1_8.Center.ComputerPreauthenticationFailedSuspiciousActivityMicrosoft.AdvancedThreatAnalytics.1_8.CenterSecurityHealthFalse00TrueErrorNormalTrueMicrosoft ATA
Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseAtSvcBlockSizeDatabase AtSVC Block Size1.8Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseAtSvcBlockSizeMicrosoft.AdvancedThreatAnalytics.1_8.CenterPerformanceCollectionTrueMicrosoft ATA CenterDatabase AtSVC Block Size3000FalseTrue
Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseDirectoryServicesActivityBlockSizeDatabase DirectoryServicesActivity Block Size1.8Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseDirectoryServicesActivityBlockSizeMicrosoft.AdvancedThreatAnalytics.1_8.CenterPerformanceCollectionTrueMicrosoft ATA CenterDatabase DirectoryServicesActivity Block Size3000FalseTrue
Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseDnsBlockSizeDatabase DNS Block Size1.8Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseDnsBlockSizeMicrosoft.AdvancedThreatAnalytics.1_8.CenterPerformanceCollectionTrueMicrosoft ATA CenterDatabase DNS Block Size3000FalseTrue
Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseDrsrBlockSizeDatabase DRSR Block Size1.8Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseDrsrBlockSizeMicrosoft.AdvancedThreatAnalytics.1_8.CenterPerformanceCollectionTrueMicrosoft ATA CenterDatabase DRSR Block Size3000FalseTrue
Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseKerberosApBlockSizeDatabase KerberosAP Block Size1.8Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseKerberosApBlockSizeMicrosoft.AdvancedThreatAnalytics.1_8.CenterPerformanceCollectionTrueMicrosoft ATA CenterDatabase KerberosAP Block Size3000FalseTrue
Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseKerberosAsBlockSizeDatabase KerberosAS Block Size1.8Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseKerberosAsBlockSizeMicrosoft.AdvancedThreatAnalytics.1_8.CenterPerformanceCollectionTrueMicrosoft ATA CenterDatabase KerberosAS Block Size3000FalseTrue
Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseKerberosTgsBlockSizeDatabase KerberosTGS Block Size1.8Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseKerberosTgsBlockSizeMicrosoft.AdvancedThreatAnalytics.1_8.CenterPerformanceCollectionTrueMicrosoft ATA CenterDatabase KerberosTGS Block Size3000FalseTrue
Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseLdapBlockSizeDatabase LDAP Block Size1.8Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseLdapBlockSizeMicrosoft.AdvancedThreatAnalytics.1_8.CenterPerformanceCollectionTrueMicrosoft ATA CenterDatabase LDAP Block Size3000FalseTrue
Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseLsaRpcBlockSizeDatabase LsaRPC Block Size1.8Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseLsaRpcBlockSizeMicrosoft.AdvancedThreatAnalytics.1_8.CenterPerformanceCollectionTrueMicrosoft ATA CenterDatabase LsaRPC Block Size3000FalseTrue
Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseNetlogonBlockSizeDatabase Netlogon Block Size1.8Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseNetlogonBlockSizeMicrosoft.AdvancedThreatAnalytics.1_8.CenterPerformanceCollectionTrueMicrosoft ATA CenterDatabase Netlogon Block Size3000FalseTrue
Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseNtlmBlockSizeDatabase NTLM Block Size1.8Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseNtlmBlockSizeMicrosoft.AdvancedThreatAnalytics.1_8.CenterPerformanceCollectionTrueMicrosoft ATA CenterDatabase NTLM Block Size3000FalseTrue
Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseNtlmEventBlockSizeDatabase NTLMEvent Block Size1.8Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseNtlmEventBlockSizeMicrosoft.AdvancedThreatAnalytics.1_8.CenterPerformanceCollectionTrueMicrosoft ATA CenterDatabase NTLMEvent Block Size3000FalseTrue
Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseServiceControlBlockSizeDatabase ServiceControl Block Size1.8Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseServiceControlBlockSizeMicrosoft.AdvancedThreatAnalytics.1_8.CenterPerformanceCollectionTrueMicrosoft ATA CenterDatabase ServiceControl Block Size3000FalseTrue
Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseSmbBlockSizeDatabase SMB Block Size1.8Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseSmbBlockSizeMicrosoft.AdvancedThreatAnalytics.1_8.CenterPerformanceCollectionTrueMicrosoft ATA CenterDatabase SMB Block Size3000FalseTrue
Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseSrvSvcBlockSizeDatabase SrvSVC Block Size1.8Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseSrvSvcBlockSizeMicrosoft.AdvancedThreatAnalytics.1_8.CenterPerformanceCollectionTrueMicrosoft ATA CenterDatabase SrvSVC Block Size3000FalseTrue
Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseTaskSchedulerBlockSizeDatabase TaskScheduler Block Size1.8Microsoft.AdvancedThreatAnalytics.1_8.Center.DatabaseTaskSchedulerBlockSizeMicrosoft.AdvancedThreatAnalytics.1_8.CenterPerformanceCollectionTrueMicrosoft ATA CenterDatabase TaskScheduler Block Size3000FalseTrue
Microsoft.AdvancedThreatAnalytics.1_8.Center.DirectoryServicesReplicationSuspiciousActivityDirectory Services Replication Suspicious Activity RuleMicrosoft.AdvancedThreatAnalytics.1_8.Center.DirectoryServicesReplicationSuspiciousActivityMicrosoft.AdvancedThreatAnalytics.1_8.CenterSecurityHealthFalse00TrueErrorNormalTrueMicrosoft ATA
Microsoft.AdvancedThreatAnalytics.1_8.Center.DnsReconnaissanceSuspiciousActivityDNS Reconnaissance Suspicious Activity RuleMicrosoft.AdvancedThreatAnalytics.1_8.Center.DnsReconnaissanceSuspiciousActivityMicrosoft.AdvancedThreatAnalytics.1_8.CenterSecurityHealthFalse00TrueErrorNormalTrueMicrosoft ATA
Microsoft.AdvancedThreatAnalytics.1_8.Center.EncryptionDowngradeGoldenTicketSuspiciousActivityEncryption Downgrade-Golden Ticket Suspicious Activity RuleMicrosoft.AdvancedThreatAnalytics.1_8.Center.EncryptionDowngradeGoldenTicketSuspiciousActivityMicrosoft.AdvancedThreatAnalytics.1_8.CenterSecurityHealthFalse00TrueErrorNormalTrueMicrosoft ATA
Microsoft.AdvancedThreatAnalytics.1_8.Center.EncryptionDowngradeOverPasstheHashSuspiciousActivityEncryption Downgrade-Over Pass-the-Hash Suspicious Activity RuleMicrosoft.AdvancedThreatAnalytics.1_8.Center.EncryptionDowngradeOverPasstheHashSuspiciousActivityMicrosoft.AdvancedThreatAnalytics.1_8.CenterSecurityHealthFalse00TrueErrorNormalTrueMicrosoft ATA
Microsoft.AdvancedThreatAnalytics.1_8.Center.EncryptionDowngradeSkeletonKeySuspiciousActivityEncryption Downgrade-Skeleton Key Suspicious Activity RuleMicrosoft.AdvancedThreatAnalytics.1_8.Center.EncryptionDowngradeSkeletonKeySuspiciousActivityMicrosoft.AdvancedThreatAnalytics.1_8.CenterSecurityHealthFalse00TrueErrorNormalTrueMicrosoft ATA
Microsoft.AdvancedThreatAnalytics.1_8.Center.EncryptionDowngradeSuspiciousActivityEncryption Downgrade Suspicious Activity RuleMicrosoft.AdvancedThreatAnalytics.1_8.Center.EncryptionDowngradeSuspiciousActivityMicrosoft.AdvancedThreatAnalytics.1_8.CenterSecurityHealthFalse00TrueErrorNormalTrueMicrosoft ATA
Microsoft.AdvancedThreatAnalytics.1_8.Center.EntityProfilerNetworkActivityBlockSizeEntityProfiler Network Activity Block Size1.8Microsoft.AdvancedThreatAnalytics.1_8.Center.EntityProfilerNetworkActivityBlockSizeMicrosoft.AdvancedThreatAnalytics.1_8.CenterPerformanceCollectionTrueMicrosoft ATA CenterEntityProfiler Network Activity Block Size3000FalseTrue
Microsoft.AdvancedThreatAnalytics.1_8.Center.EntityReceiverEntityBatchBlockSizeEntityReceiver Entity Batch Block Size1.8Microsoft.AdvancedThreatAnalytics.1_8.Center.EntityReceiverEntityBatchBlockSizeMicrosoft.AdvancedThreatAnalytics.1_8.CenterPerformanceCollectionTrueMicrosoft ATA CenterEntityReceiver Entity Batch Block Size3000FalseTrue
Microsoft.AdvancedThreatAnalytics.1_8.Center.EnumerateSessionsSuspiciousActivityEnumerate Sessions Suspicious Activity RuleMicrosoft.AdvancedThreatAnalytics.1_8.Center.EnumerateSessionsSuspiciousActivityMicrosoft.AdvancedThreatAnalytics.1_8.CenterSecurityHealthFalse00TrueErrorNormalTrueMicrosoft ATA
Microsoft.AdvancedThreatAnalytics.1_8.Center.ForgedPacSuspiciousActivityForged Pac Suspicious Activity RuleMicrosoft.AdvancedThreatAnalytics.1_8.Center.ForgedPacSuspiciousActivityMicrosoft.AdvancedThreatAnalytics.1_8.CenterSecurityHealthFalse00TrueErrorNormalTrueMicrosoft ATA
Microsoft.AdvancedThreatAnalytics.1_8.Center.GatewayCaptureNetworkAdapterFaultedMonitoringAlertGateway Capture Network Adapter Faulted Monitoring Alert RuleMicrosoft.AdvancedThreatAnalytics.1_8.Center.GatewayCaptureNetworkAdapterFaultedMonitoringAlertMicrosoft.AdvancedThreatAnalytics.1_8.CenterAvailabilityHealthTrue00TrueWarningNormalTrueMicrosoft ATA
Microsoft.AdvancedThreatAnalytics.1_8.Center.GatewayCaptureNetworkAdapterMissingMonitoringAlertGateway Capture Network Adapter Missing Monitoring Alert RuleMicrosoft.AdvancedThreatAnalytics.1_8.Center.GatewayCaptureNetworkAdapterMissingMonitoringAlertMicrosoft.AdvancedThreatAnalytics.1_8.CenterConfigurationHealthTrue00TrueWarningNormalTrueMicrosoft ATA
Microsoft.AdvancedThreatAnalytics.1_8.Center.GatewayDirectoryServicesClientAccountPasswordExpiryMonitoringAlertGateway Directory Services Client Account Password Expiry Monitoring Alert RuleMicrosoft.AdvancedThreatAnalytics.1_8.Center.GatewayDirectoryServicesClientAccountPasswordExpiryMonitoringAlertMicrosoft.AdvancedThreatAnalytics.1_8.CenterConfigurationHealthTrue00TrueWarningNormalTrueMicrosoft ATA
Microsoft.AdvancedThreatAnalytics.1_8.Center.GatewayDirectoryServicesClientConnectivityMonitoringAlertGateway Directory Services Client Connectivity Monitoring Alert RuleMicrosoft.AdvancedThreatAnalytics.1_8.Center.GatewayDirectoryServicesClientConnectivityMonitoringAlertMicrosoft.AdvancedThreatAnalytics.1_8.CenterAvailabilityHealthTrue00TrueWarningNormalTrueMicrosoft ATA
Microsoft.AdvancedThreatAnalytics.1_8.Center.GatewayDisconnectedMonitoringAlertGateway Disconnected Monitoring Alert RuleMicrosoft.AdvancedThreatAnalytics.1_8.Center.GatewayDisconnectedMonitoringAlertMicrosoft.AdvancedThreatAnalytics.1_8.CenterAvailabilityHealthTrue00TrueWarningNormalTrueMicrosoft ATA
Microsoft.AdvancedThreatAnalytics.1_8.Center.GatewayDomainSynchronizerNotAssignedMonitoringAlertGateway Domain Synchronizer Not Assigned Monitoring Alert RuleMicrosoft.AdvancedThreatAnalytics.1_8.Center.GatewayDomainSynchronizerNotAssignedMonitoringAlertMicrosoft.AdvancedThreatAnalytics.1_8.CenterConfigurationHealthTrue00TrueWarningNormalTrueMicrosoft ATA
Microsoft.AdvancedThreatAnalytics.1_8.Center.GatewayLowMemoryMonitoringAlertGateway Low Memory Monitoring Alert RuleMicrosoft.AdvancedThreatAnalytics.1_8.Center.GatewayLowMemoryMonitoringAlertMicrosoft.AdvancedThreatAnalytics.1_8.CenterPerformanceHealthTrue00TrueWarningNormalTrueMicrosoft ATA
Microsoft.AdvancedThreatAnalytics.1_8.Center.GatewayOverloadedEventActivitiesMonitoringAlertGateway Overloaded Event Activities Monitoring Alert RuleMicrosoft.AdvancedThreatAnalytics.1_8.Center.GatewayOverloadedEventActivitiesMonitoringAlertMicrosoft.AdvancedThreatAnalytics.1_8.CenterPerformanceHealthTrue00TrueWarningNormalTrueMicrosoft ATA
Microsoft.AdvancedThreatAnalytics.1_8.Center.GatewayOverloadedNetworkActivitiesMonitoringAlertGateway Overloaded Network Activities Monitoring Alert RuleMicrosoft.AdvancedThreatAnalytics.1_8.Center.GatewayOverloadedNetworkActivitiesMonitoringAlertMicrosoft.AdvancedThreatAnalytics.1_8.CenterPerformanceHealthTrue00TrueWarningNormalTrueMicrosoft ATA
Microsoft.AdvancedThreatAnalytics.1_8.Center.GatewayRadiusEventListenerMonitoringAlertGateway Radius Event Listener Monitoring Alert RuleMicrosoft.AdvancedThreatAnalytics.1_8.Center.GatewayRadiusEventListenerMonitoringAlertMicrosoft.AdvancedThreatAnalytics.1_8.CenterAvailabilityHealthTrue00TrueWarningNormalTrueMicrosoft ATA
Microsoft.AdvancedThreatAnalytics.1_8.Center.GatewaysOutdatedMonitoringAlertGateways Outdated Monitoring Alert RuleMicrosoft.AdvancedThreatAnalytics.1_8.Center.GatewaysOutdatedMonitoringAlertMicrosoft.AdvancedThreatAnalytics.1_8.CenterConfigurationHealthTrue00TrueWarningNormalTrueMicrosoft ATA
Microsoft.AdvancedThreatAnalytics.1_8.Center.GatewayStartFailureMonitoringAlertGateway Start Failure Monitoring Alert RuleMicrosoft.AdvancedThreatAnalytics.1_8.Center.GatewayStartFailureMonitoringAlertMicrosoft.AdvancedThreatAnalytics.1_8.CenterAvailabilityHealthTrue00TrueWarningNormalTrueMicrosoft ATA
Microsoft.AdvancedThreatAnalytics.1_8.Center.GatewaySyslogEventListenerMonitoringAlertGateway Syslog Event Listener Monitoring Alert RuleMicrosoft.AdvancedThreatAnalytics.1_8.Center.GatewaySyslogEventListenerMonitoringAlertMicrosoft.AdvancedThreatAnalytics.1_8.CenterAvailabilityHealthTrue00TrueWarningNormalTrueMicrosoft ATA
Microsoft.AdvancedThreatAnalytics.1_8.Center.GoldenTicketSuspiciousActivityGolden Ticket Suspicious Activity RuleMicrosoft.AdvancedThreatAnalytics.1_8.Center.GoldenTicketSuspiciousActivityMicrosoft.AdvancedThreatAnalytics.1_8.CenterSecurityHealthFalse00TrueErrorNormalTrueMicrosoft ATA
Microsoft.AdvancedThreatAnalytics.1_8.Center.HoneytokenActivitySuspiciousActivityHoneytoken Activity Suspicious Activity RuleMicrosoft.AdvancedThreatAnalytics.1_8.Center.HoneytokenActivitySuspiciousActivityMicrosoft.AdvancedThreatAnalytics.1_8.CenterSecurityHealthFalse00TrueErrorNormalTrueMicrosoft ATA
Microsoft.AdvancedThreatAnalytics.1_8.Center.LdapBruteForceSuspiciousActivityLdap Brute Force Suspicious Activity RuleMicrosoft.AdvancedThreatAnalytics.1_8.Center.LdapBruteForceSuspiciousActivityMicrosoft.AdvancedThreatAnalytics.1_8.CenterSecurityHealthFalse00TrueErrorNormalTrueMicrosoft ATA
Microsoft.AdvancedThreatAnalytics.1_8.Center.LdapCleartextPasswordSuspiciousActivityLdap Cleartext Password Suspicious Activity RuleMicrosoft.AdvancedThreatAnalytics.1_8.Center.LdapCleartextPasswordSuspiciousActivityMicrosoft.AdvancedThreatAnalytics.1_8.CenterSecurityHealthFalse00TrueErrorNormalTrueMicrosoft ATA
Microsoft.AdvancedThreatAnalytics.1_8.Center.MassiveObjectDeletionSuspiciousActivityMassive Object Deletion Suspicious Activity RuleMicrosoft.AdvancedThreatAnalytics.1_8.Center.MassiveObjectDeletionSuspiciousActivityMicrosoft.AdvancedThreatAnalytics.1_8.CenterSecurityHealthFalse00TrueErrorNormalTrueMicrosoft ATA
Microsoft.AdvancedThreatAnalytics.1_8.Center.NetworkActivityProcessorNetworkActivityBlockSizeNetworkActivityProcessor Network Activity Block Size1.8Microsoft.AdvancedThreatAnalytics.1_8.Center.NetworkActivityProcessorNetworkActivityBlockSizeMicrosoft.AdvancedThreatAnalytics.1_8.CenterPerformanceCollectionTrueMicrosoft ATA CenterNetworkActivityProcessor Network Activity Block Size3000FalseTrue
Microsoft.AdvancedThreatAnalytics.1_8.Center.PassTheHashSuspiciousActivityPass The Hash Suspicious Activity RuleMicrosoft.AdvancedThreatAnalytics.1_8.Center.PassTheHashSuspiciousActivityMicrosoft.AdvancedThreatAnalytics.1_8.CenterSecurityHealthFalse00TrueErrorNormalTrueMicrosoft ATA
Microsoft.AdvancedThreatAnalytics.1_8.Center.PassTheTicketSuspiciousActivityPass The Ticket Suspicious Activity RuleMicrosoft.AdvancedThreatAnalytics.1_8.Center.PassTheTicketSuspiciousActivityMicrosoft.AdvancedThreatAnalytics.1_8.CenterSecurityHealthFalse00TrueErrorNormalTrueMicrosoft ATA
Microsoft.AdvancedThreatAnalytics.1_8.Center.RemoteExecutionSuspiciousActivityRemote Execution Suspicious Activity RuleMicrosoft.AdvancedThreatAnalytics.1_8.Center.RemoteExecutionSuspiciousActivityMicrosoft.AdvancedThreatAnalytics.1_8.CenterSecurityHealthFalse00TrueErrorNormalTrueMicrosoft ATA
Microsoft.AdvancedThreatAnalytics.1_8.Center.RetrieveDataProtectionBackupKeySuspiciousActivityRetrieve Data Protection Backup Key Suspicious Activity RuleMicrosoft.AdvancedThreatAnalytics.1_8.Center.RetrieveDataProtectionBackupKeySuspiciousActivityMicrosoft.AdvancedThreatAnalytics.1_8.CenterSecurityHealthFalse00TrueErrorNormalTrueMicrosoft ATA
Microsoft.AdvancedThreatAnalytics.1_8.Center.SamrReconnaissanceSuspiciousActivitySAMR Reconnaissance Suspicious Activity RuleMicrosoft.AdvancedThreatAnalytics.1_8.Center.SamrReconnaissanceSuspiciousActivityMicrosoft.AdvancedThreatAnalytics.1_8.CenterSecurityHealthFalse00TrueErrorNormalTrueMicrosoft ATA
Microsoft.AdvancedThreatAnalytics.1_8.Gateway.ActiveDirectoryAuthenticationFailureATA Gateway Failed to Authenticate Against the Domain ControllerRule to monitor Microsoft ATA 1.8 Gateway - ATA Gateway Failed to Authenticate Against the Domain ControllerMicrosoft.AdvancedThreatAnalytics.1_8.Gateway.ActiveDirectoryAuthenticationFailureMicrosoft.AdvancedThreatAnalytics.1_8.GatewayAvailabilityHealthTrue00TrueErrorNormalTrue
Microsoft.AdvancedThreatAnalytics.1_8.Gateway.CountersDisabledCounters might be disabled in the registryRule to monitor Microsoft ATA 1.8 Gateway - Counters might be disabled in the registryMicrosoft.AdvancedThreatAnalytics.1_8.Gateway.CountersDisabledMicrosoft.AdvancedThreatAnalytics.1_8.GatewayAvailabilityHealthTrue00TrueErrorNormalTrue
Microsoft.AdvancedThreatAnalytics.1_8.Gateway.EntityResolverActivityBlockSizeEntityResolver Activity Block Size1.8Microsoft.AdvancedThreatAnalytics.1_8.Gateway.EntityResolverActivityBlockSizeMicrosoft.AdvancedThreatAnalytics.1_8.GatewayPerformanceCollectionTrueMicrosoft ATA GatewayEntityResolver Activity Block Size3000FalseTrue
Microsoft.AdvancedThreatAnalytics.1_8.Gateway.EntitySenderEntityBatchBlockSizeEntitySender Entity Batch Block Size1.8Microsoft.AdvancedThreatAnalytics.1_8.Gateway.EntitySenderEntityBatchBlockSizeMicrosoft.AdvancedThreatAnalytics.1_8.GatewayPerformanceCollectionTrueMicrosoft ATA GatewayEntitySender Entity Batch Block Size3000FalseTrue
Microsoft.AdvancedThreatAnalytics.1_8.Gateway.EntitySenderEntityBatchSendTimeEntitySender Entity Batch Send Time1.8Microsoft.AdvancedThreatAnalytics.1_8.Gateway.EntitySenderEntityBatchSendTimeMicrosoft.AdvancedThreatAnalytics.1_8.GatewayPerformanceCollectionTrueMicrosoft ATA GatewayEntitySender Entity Batch Send Time3000FalseTrue
Microsoft.AdvancedThreatAnalytics.1_8.Gateway.FailedToAuthenticateAgainstCenterATA Gateway Failed to Authenticate Against CenterRule to monitor Microsoft ATA 1.8 Gateway - ATA Gateway Failed to Authenticate Against CenterMicrosoft.AdvancedThreatAnalytics.1_8.Gateway.FailedToAuthenticateAgainstCenterMicrosoft.AdvancedThreatAnalytics.1_8.GatewayAvailabilityHealthTrue00TrueErrorNormalTrue
Microsoft.AdvancedThreatAnalytics.1_8.Gateway.FailedToEstablishConnectionToCenterATA Gateway failed to establish connection to the ATA CenterRule to monitor Microsoft ATA 1.8 Gateway - ATA Gateway failed to establish connection to the ATA CenterMicrosoft.AdvancedThreatAnalytics.1_8.Gateway.FailedToEstablishConnectionToCenterMicrosoft.AdvancedThreatAnalytics.1_8.GatewayAvailabilityHealthTrue00TrueErrorNormalTrue
Microsoft.AdvancedThreatAnalytics.1_8.Gateway.FailedToParseSyslogATA Gateway Failed to Parse SIEM Syslog MessageRule to monitor Microsoft ATA 1.8 Gateway - ATA Gateway Failed to Parse SIEM Syslog MessageMicrosoft.AdvancedThreatAnalytics.1_8.Gateway.FailedToParseSyslogMicrosoft.AdvancedThreatAnalytics.1_8.GatewayAvailabilityHealthTrue00TrueErrorNormalTrue
Microsoft.AdvancedThreatAnalytics.1_8.Gateway.FailedToQueryDCUsingLDAPProtocolATA Gateway failed to query the domain controller using the LDAP protocolRule to monitor Microsoft ATA 1.8 Gateway - ATA Gateway failed to query the domain controller using the LDAP protocolMicrosoft.AdvancedThreatAnalytics.1_8.Gateway.FailedToQueryDCUsingLDAPProtocolMicrosoft.AdvancedThreatAnalytics.1_8.GatewayAvailabilityHealthTrue00TrueErrorNormalTrue
Microsoft.AdvancedThreatAnalytics.1_8.Gateway.FailedToSynchronizeConfigurationFromCenterATA Gateway failed to synchronize the configuration from the ATA CenterRule to monitor Microsoft ATA 1.8 Gateway - ATA Gateway failed to synchronize the configuration from the ATA CenterMicrosoft.AdvancedThreatAnalytics.1_8.Gateway.FailedToSynchronizeConfigurationFromCenterMicrosoft.AdvancedThreatAnalytics.1_8.GatewayAvailabilityHealthTrue00TrueErrorNormalTrue
Microsoft.AdvancedThreatAnalytics.1_8.Gateway.FailedToValidateCenterCertificateChainATA Gateway Failed to Validate Center Certificate ChainRule to monitor Microsoft ATA 1.8 Gateway - ATA Gateway Failed to Validate Center Certificate ChainMicrosoft.AdvancedThreatAnalytics.1_8.Gateway.FailedToValidateCenterCertificateChainMicrosoft.AdvancedThreatAnalytics.1_8.GatewayAvailabilityHealthTrue00TrueErrorNormalTrue
Microsoft.AdvancedThreatAnalytics.1_8.Gateway.GatewayDoesNotHaveEnoughMemoryATA Gateway does not have enough memoryRule to monitor Microsoft ATA 1.8 Gateway - ATA Gateway does not have enough memoryMicrosoft.AdvancedThreatAnalytics.1_8.Gateway.GatewayDoesNotHaveEnoughMemoryMicrosoft.AdvancedThreatAnalytics.1_8.GatewayAvailabilityHealthTrue00TrueErrorNormalTrue
Microsoft.AdvancedThreatAnalytics.1_8.Gateway.GatewayUpdaterResourceManagerCommitMemoryMaxSizeGatewayUpdaterResourceManager Commit Memory Max Size1.8Microsoft.AdvancedThreatAnalytics.1_8.Gateway.GatewayUpdaterResourceManagerCommitMemoryMaxSizeMicrosoft.AdvancedThreatAnalytics.1_8.GatewayPerformanceCollectionTrueMicrosoft ATA Gateway UpdaterGatewayUpdaterResourceManager Commit Memory Max Size3000FalseTrue
Microsoft.AdvancedThreatAnalytics.1_8.Gateway.GatewayUpdaterResourceManagerCPUTimeMax_GatewayUpdaterResourceManager CPU Time Max \%1.8Microsoft.AdvancedThreatAnalytics.1_8.Gateway.GatewayUpdaterResourceManagerCPUTimeMax_Microsoft.AdvancedThreatAnalytics.1_8.GatewayPerformanceCollectionTrueMicrosoft ATA Gateway UpdaterGatewayUpdaterResourceManager CPU Time Max \%3000FalseTrue
Microsoft.AdvancedThreatAnalytics.1_8.Gateway.GatewayUpdaterResourceManagerWorkingSetLimitSizeGatewayUpdaterResourceManager Working Set Limit Size1.8Microsoft.AdvancedThreatAnalytics.1_8.Gateway.GatewayUpdaterResourceManagerWorkingSetLimitSizeMicrosoft.AdvancedThreatAnalytics.1_8.GatewayPerformanceCollectionTrueMicrosoft ATA Gateway UpdaterGatewayUpdaterResourceManager Working Set Limit Size3000FalseTrue
Microsoft.AdvancedThreatAnalytics.1_8.Gateway.HostEntryInHOSTSFileThere is a host entry in the HOSTS file pointing to the machine's shortnameRule to monitor Microsoft ATA 1.8 Gateway - There is a host entry in the HOSTS file pointing to the machine's shortnameMicrosoft.AdvancedThreatAnalytics.1_8.Gateway.HostEntryInHOSTSFileMicrosoft.AdvancedThreatAnalytics.1_8.GatewayAvailabilityHealthTrue00TrueErrorNormalTrue
Microsoft.AdvancedThreatAnalytics.1_8.Gateway.MessageAnalyzerIsInstalledOnGatewayMessage Analyzer is installed on the ATA GatewayRule to monitor Microsoft ATA 1.8 Gateway - Message Analyzer is installed on the ATA GatewayMicrosoft.AdvancedThreatAnalytics.1_8.Gateway.MessageAnalyzerIsInstalledOnGatewayMicrosoft.AdvancedThreatAnalytics.1_8.GatewayAvailabilityHealthTrue00TrueErrorNormalTrue
Microsoft.AdvancedThreatAnalytics.1_8.Gateway.NetworkActivityTranslatorMessageData0BlockSizeNetworkActivityTranslator Message Data 0 Block Size1.8Microsoft.AdvancedThreatAnalytics.1_8.Gateway.NetworkActivityTranslatorMessageData0BlockSizeMicrosoft.AdvancedThreatAnalytics.1_8.GatewayPerformanceCollectionTrueMicrosoft ATA GatewayNetworkActivityTranslator Message Data 0 Block Size3000FalseTrue
Microsoft.AdvancedThreatAnalytics.1_8.Gateway.NetworkListenerETWDroppedEvents_SecNetworkListener ETW Dropped Events/Sec1.8Microsoft.AdvancedThreatAnalytics.1_8.Gateway.NetworkListenerETWDroppedEvents_SecMicrosoft.AdvancedThreatAnalytics.1_8.GatewayPerformanceCollectionTrueMicrosoft ATA GatewayNetworkListener ETW Dropped Events/Sec3000FalseTrue
Microsoft.AdvancedThreatAnalytics.1_8.Gateway.NetworkListenerPEFDroppedEvents_SecNetworkListener PEF Dropped Events/Sec1.8Microsoft.AdvancedThreatAnalytics.1_8.Gateway.NetworkListenerPEFDroppedEvents_SecMicrosoft.AdvancedThreatAnalytics.1_8.GatewayPerformanceCollectionTrueMicrosoft ATA GatewayNetworkListener PEF Dropped Events/Sec3000FalseTrue
Microsoft.AdvancedThreatAnalytics.1_8.Gateway.NetworkListenerPEFParsedMessages_SecNetworkListener PEF Parsed Messages/Sec1.8Microsoft.AdvancedThreatAnalytics.1_8.Gateway.NetworkListenerPEFParsedMessages_SecMicrosoft.AdvancedThreatAnalytics.1_8.GatewayPerformanceCollectionTrueMicrosoft ATA GatewayNetworkListener PEF Parsed Messages/Sec3000FalseTrue
Microsoft.AdvancedThreatAnalytics.1_8.Gateway.OtherPendingInstallationsThere are other pending installations on your computerRule to monitor Microsoft ATA 1.8 Gateway - There are other pending installations on your computerMicrosoft.AdvancedThreatAnalytics.1_8.Gateway.OtherPendingInstallationsMicrosoft.AdvancedThreatAnalytics.1_8.GatewayAvailabilityHealthTrue00TrueErrorNormalTrue
Microsoft.AdvancedThreatAnalytics.1_8.Gateway.PEFWasNotInstalledCorrectlyPEF (Message Analyzer) was not installed correctlyRule to monitor Microsoft ATA 1.8 Gateway - PEF (Message Analyzer) was not installed correctlyMicrosoft.AdvancedThreatAnalytics.1_8.Gateway.PEFWasNotInstalledCorrectlyMicrosoft.AdvancedThreatAnalytics.1_8.GatewayAvailabilityHealthTrue00TrueErrorNormalTrue
Microsoft.AdvancedThreatAnalytics.1_8.Gateway.PIDsWasEnabledForProcessNamesInGatewayPIDs was enabled for process names in the ATA GatewayRule to monitor Microsoft ATA 1.8 Gateway - PIDs was enabled for process names in the ATA GatewayMicrosoft.AdvancedThreatAnalytics.1_8.Gateway.PIDsWasEnabledForProcessNamesInGatewayMicrosoft.AdvancedThreatAnalytics.1_8.GatewayAvailabilityHealthTrue00TrueErrorNormalTrue