All Rules in Microsoft.AdvancedThreatAnalytics.1_9 Management Pack

|  | DisplayName | Description | ID | Target | Category | Enabled | Instance Name | Counter Name | Frequency | Event_ID | Event Source | Alert Generate | Alert Severity | Alert Priority | Remotable | Event Log |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft.AdvancedThreatAnalytics.1_9.Center.AbnormalBehaviorSuspiciousActivity | Abnormal Behavior Suspicious Activity Rule |  | Microsoft.AdvancedThreatAnalytics.1_9.Center.AbnormalBehaviorSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_9.Center | SecurityHealth | False |  |  | 0 | 0 |  | True | Error | Normal | True | Microsoft ATA |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.AbnormalProtocolSuspiciousActivity | Abnormal Protocol Suspicious Activity Rule |  | Microsoft.AdvancedThreatAnalytics.1_9.Center.AbnormalProtocolSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_9.Center | SecurityHealth | False |  |  | 0 | 0 |  | True | Error | Normal | True | Microsoft ATA |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.AbnormalSensitiveGroupMembershipChangeSuspiciousActivity | Abnormal Sensitive Group Membership Change Suspicious Activity Rule |  | Microsoft.AdvancedThreatAnalytics.1_9.Center.AbnormalSensitiveGroupMembershipChangeSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_9.Center | SecurityHealth | False |  |  | 0 | 0 |  | True | Error | Normal | True | Microsoft ATA |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.AbnormalVpnSuspiciousActivity | Abnormal Vpn Suspicious Activity Rule |  | Microsoft.AdvancedThreatAnalytics.1_9.Center.AbnormalVpnSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_9.Center | SecurityHealth | False |  |  | 0 | 0 |  | True | Error | Normal | True | Microsoft ATA |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.AccountEnumerationSuspiciousActivity | Account Enumeration Suspicious Activity Rule |  | Microsoft.AdvancedThreatAnalytics.1_9.Center.AccountEnumerationSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_9.Center | SecurityHealth | False |  |  | 0 | 0 |  | True | Error | Normal | True | Microsoft ATA |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.BruteForceSuspiciousActivity | Brute Force Suspicious Activity Rule |  | Microsoft.AdvancedThreatAnalytics.1_9.Center.BruteForceSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_9.Center | SecurityHealth | False |  |  | 0 | 0 |  | True | Error | Normal | True | Microsoft ATA |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.CenterDatabaseDataDriveFreeSpaceMonitoringAlert | Center Database Data Drive Free Space Monitoring Alert Rule |  | Microsoft.AdvancedThreatAnalytics.1_9.Center.CenterDatabaseDataDriveFreeSpaceMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_9.Center | AvailabilityHealth | True |  |  | 0 | 0 |  | True | Warning | Normal | True | Microsoft ATA |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.CenterDatabaseDisconnectedMonitoringAlert | Center Database Disconnected Monitoring Alert Rule |  | Microsoft.AdvancedThreatAnalytics.1_9.Center.CenterDatabaseDisconnectedMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_9.Center | AvailabilityHealth | True |  |  | 0 | 0 |  | True | Warning | Normal | True | Microsoft ATA |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.CenterExternalIpAddressResolutionFailureMonitoringAlert | Center External Ip Address Resolution Failure Monitoring Alert Rule |  | Microsoft.AdvancedThreatAnalytics.1_9.Center.CenterExternalIpAddressResolutionFailureMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_9.Center | AvailabilityHealth | True |  |  | 0 | 0 |  | True | Warning | Normal | True | Microsoft ATA |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.CenterMailMonitoringAlert | Center Mail Monitoring Alert Rule |  | Microsoft.AdvancedThreatAnalytics.1_9.Center.CenterMailMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_9.Center | ConfigurationHealth | True |  |  | 0 | 0 |  | True | Warning | Normal | True | Microsoft ATA |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.CenterNotReceivingTrafficMonitoringAlert | Center Not Receiving Traffic Monitoring Alert Rule |  | Microsoft.AdvancedThreatAnalytics.1_9.Center.CenterNotReceivingTrafficMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_9.Center | AvailabilityHealth | True |  |  | 0 | 0 |  | True | Warning | Normal | True | Microsoft ATA |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.CenterOverloadedMonitoringAlert | Center Overloaded Monitoring Alert Rule |  | Microsoft.AdvancedThreatAnalytics.1_9.Center.CenterOverloadedMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceHealth | True |  |  | 0 | 0 |  | True | Warning | Normal | True | Microsoft ATA |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.CenterSyslogMonitoringAlert | Center Syslog Monitoring Alert Rule |  | Microsoft.AdvancedThreatAnalytics.1_9.Center.CenterSyslogMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_9.Center | ConfigurationHealth | True |  |  | 0 | 0 |  | True | Warning | Normal | True | Microsoft ATA |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.CertificateExpiryMonitoringAlert | Certificate Expiry Monitoring Alert Rule |  | Microsoft.AdvancedThreatAnalytics.1_9.Center.CertificateExpiryMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_9.Center | ConfigurationHealth | True |  |  | 0 | 0 |  | True | Warning | Normal | True | Microsoft ATA |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseAtSvcBlockSize | Database AtSVC Block Size | 1.9 | Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseAtSvcBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | Microsoft ATA Center | Database AtSVC Block Size | 300 | 0 |  | False |  |  | True |  |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseDnsBlockSize | Database DNS Block Size | 1.9 | Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseDnsBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | Microsoft ATA Center | Database DNS Block Size | 300 | 0 |  | False |  |  | True |  |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseDrsrBlockSize | Database DRSR Block Size | 1.9 | Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseDrsrBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | Microsoft ATA Center | Database DRSR Block Size | 300 | 0 |  | False |  |  | True |  |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseGroupMembershipChangeEventBlockSize | Database GroupMembershipChangeEvent Block Size | 1.9 | Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseGroupMembershipChangeEventBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | Microsoft ATA Center | Database GroupMembershipChangeEvent Block Size | 300 | 0 |  | False |  |  | True |  |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseKerberosApBlockSize | Database KerberosAP Block Size | 1.9 | Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseKerberosApBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | Microsoft ATA Center | Database KerberosAP Block Size | 300 | 0 |  | False |  |  | True |  |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseKerberosAsBlockSize | Database KerberosAS Block Size | 1.9 | Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseKerberosAsBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | Microsoft ATA Center | Database KerberosAS Block Size | 300 | 0 |  | False |  |  | True |  |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseKerberosTgsBlockSize | Database KerberosTGS Block Size | 1.9 | Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseKerberosTgsBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | Microsoft ATA Center | Database KerberosTGS Block Size | 300 | 0 |  | False |  |  | True |  |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseLdapBlockSize | Database LDAP Block Size | 1.9 | Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseLdapBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | Microsoft ATA Center | Database LDAP Block Size | 300 | 0 |  | False |  |  | True |  |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseLogicalActivityBlockSize | Database LogicalActivity Block Size | 1.9 | Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseLogicalActivityBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | Microsoft ATA Center | Database LogicalActivity Block Size | 300 | 0 |  | False |  |  | True |  |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseLogonEventBlockSize | Database LogonEvent Block Size | 1.9 | Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseLogonEventBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | Microsoft ATA Center | Database LogonEvent Block Size | 300 | 0 |  | False |  |  | True |  |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseLsaRpcBlockSize | Database LsaRPC Block Size | 1.9 | Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseLsaRpcBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | Microsoft ATA Center | Database LsaRPC Block Size | 300 | 0 |  | False |  |  | True |  |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseNetlogonBlockSize | Database Netlogon Block Size | 1.9 | Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseNetlogonBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | Microsoft ATA Center | Database Netlogon Block Size | 300 | 0 |  | False |  |  | True |  |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseNtlmBlockSize | Database NTLM Block Size | 1.9 | Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseNtlmBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | Microsoft ATA Center | Database NTLM Block Size | 300 | 0 |  | False |  |  | True |  |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseNtlmEventBlockSize | Database NTLMEvent Block Size | 1.9 | Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseNtlmEventBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | Microsoft ATA Center | Database NTLMEvent Block Size | 300 | 0 |  | False |  |  | True |  |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseSAMRBlockSize | Database SAMR Block Size | 1.9 | Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseSAMRBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | Microsoft ATA Center | Database SAMR Block Size | 300 | 0 |  | False |  |  | True |  |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseServiceControlBlockSize | Database ServiceControl Block Size | 1.9 | Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseServiceControlBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | Microsoft ATA Center | Database ServiceControl Block Size | 300 | 0 |  | False |  |  | True |  |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseServiceInstalledEventBlockSize | Database ServiceInstalledEvent Block Size | 1.9 | Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseServiceInstalledEventBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | Microsoft ATA Center | Database ServiceInstalledEvent Block Size | 300 | 0 |  | False |  |  | True |  |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseSmbBlockSize | Database SMB Block Size | 1.9 | Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseSmbBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | Microsoft ATA Center | Database SMB Block Size | 300 | 0 |  | False |  |  | True |  |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseSrvSvcBlockSize | Database SrvSVC Block Size | 1.9 | Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseSrvSvcBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | Microsoft ATA Center | Database SrvSVC Block Size | 300 | 0 |  | False |  |  | True |  |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseTaskSchedulerBlockSize | Database TaskScheduler Block Size | 1.9 | Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseTaskSchedulerBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | Microsoft ATA Center | Database TaskScheduler Block Size | 300 | 0 |  | False |  |  | True |  |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseVpnAuthenticationEventBlockSize | Database VpnAuthenticationEvent Block Size | 1.9 | Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseVpnAuthenticationEventBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | Microsoft ATA Center | Database VpnAuthenticationEvent Block Size | 300 | 0 |  | False |  |  | True |  |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseWmiBlockSize | Database Wmi Block Size | 1.9 | Microsoft.AdvancedThreatAnalytics.1_9.Center.DatabaseWmiBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | Microsoft ATA Center | Database Wmi Block Size | 300 | 0 |  | False |  |  | True |  |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.DirectoryServicesReplicationSuspiciousActivity | Directory Services Replication Suspicious Activity Rule |  | Microsoft.AdvancedThreatAnalytics.1_9.Center.DirectoryServicesReplicationSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_9.Center | SecurityHealth | False |  |  | 0 | 0 |  | True | Error | Normal | True | Microsoft ATA |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.DnsReconnaissanceSuspiciousActivity | DNS Reconnaissance Suspicious Activity Rule |  | Microsoft.AdvancedThreatAnalytics.1_9.Center.DnsReconnaissanceSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_9.Center | SecurityHealth | False |  |  | 0 | 0 |  | True | Error | Normal | True | Microsoft ATA |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.EncryptionDowngradeGoldenTicketSuspiciousActivity | Encryption Downgrade-Golden Ticket Suspicious Activity Rule |  | Microsoft.AdvancedThreatAnalytics.1_9.Center.EncryptionDowngradeGoldenTicketSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_9.Center | SecurityHealth | False |  |  | 0 | 0 |  | True | Error | Normal | True | Microsoft ATA |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.EncryptionDowngradeOverPasstheHashSuspiciousActivity | Encryption Downgrade-Over Pass-the-Hash Suspicious Activity Rule |  | Microsoft.AdvancedThreatAnalytics.1_9.Center.EncryptionDowngradeOverPasstheHashSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_9.Center | SecurityHealth | False |  |  | 0 | 0 |  | True | Error | Normal | True | Microsoft ATA |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.EncryptionDowngradeSkeletonKeySuspiciousActivity | Encryption Downgrade-Skeleton Key Suspicious Activity Rule |  | Microsoft.AdvancedThreatAnalytics.1_9.Center.EncryptionDowngradeSkeletonKeySuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_9.Center | SecurityHealth | False |  |  | 0 | 0 |  | True | Error | Normal | True | Microsoft ATA |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.EncryptionDowngradeSuspiciousActivity | Encryption Downgrade Suspicious Activity Rule |  | Microsoft.AdvancedThreatAnalytics.1_9.Center.EncryptionDowngradeSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_9.Center | SecurityHealth | False |  |  | 0 | 0 |  | True | Error | Normal | True | Microsoft ATA |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.EntityProfilerEventActivityBlockSize | EntityProfiler Event Activity Block Size | 1.9 | Microsoft.AdvancedThreatAnalytics.1_9.Center.EntityProfilerEventActivityBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | Microsoft ATA Center | EntityProfiler Event Activity Block Size | 300 | 0 |  | False |  |  | True |  |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.EntityProfilerLogicalActivityBlockSize | EntityProfiler Logical Activity Block Size | 1.9 | Microsoft.AdvancedThreatAnalytics.1_9.Center.EntityProfilerLogicalActivityBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | Microsoft ATA Center | EntityProfiler Logical Activity Block Size | 300 | 0 |  | False |  |  | True |  |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.EntityProfilerNetworkActivityBlockSize | EntityProfiler Network Activity Block Size | 1.9 | Microsoft.AdvancedThreatAnalytics.1_9.Center.EntityProfilerNetworkActivityBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | Microsoft ATA Center | EntityProfiler Network Activity Block Size | 300 | 0 |  | False |  |  | True |  |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.EntityReceiverEntityBatchBlockSize | EntityReceiver Entity Batch Block Size | 1.9 | Microsoft.AdvancedThreatAnalytics.1_9.Center.EntityReceiverEntityBatchBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | Microsoft ATA Center | EntityReceiver Entity Batch Block Size | 300 | 0 |  | False |  |  | True |  |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.EnumerateSessionsSuspiciousActivity | Enumerate Sessions Suspicious Activity Rule |  | Microsoft.AdvancedThreatAnalytics.1_9.Center.EnumerateSessionsSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_9.Center | SecurityHealth | False |  |  | 0 | 0 |  | True | Error | Normal | True | Microsoft ATA |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.EventActivityProcessorEventActivityBlockSize | EventActivityProcessor Event Activity Block Size | 1.9 | Microsoft.AdvancedThreatAnalytics.1_9.Center.EventActivityProcessorEventActivityBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | Microsoft ATA Center | EventActivityProcessor Event Activity Block Size | 300 | 0 |  | False |  |  | True |  |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.EventActivityProcessorPostponedEventActivityBlockSize | EventActivityProcessor Postponed Event Activity Block Size | 1.9 | Microsoft.AdvancedThreatAnalytics.1_9.Center.EventActivityProcessorPostponedEventActivityBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | Microsoft ATA Center | EventActivityProcessor Postponed Event Activity Block Size | 300 | 0 |  | False |  |  | True |  |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.ForgedPacSuspiciousActivity | Forged Pac Suspicious Activity Rule |  | Microsoft.AdvancedThreatAnalytics.1_9.Center.ForgedPacSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_9.Center | SecurityHealth | False |  |  | 0 | 0 |  | True | Error | Normal | True | Microsoft ATA |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.GatewayCaptureNetworkAdapterFaultedMonitoringAlert | Gateway Capture Network Adapter Faulted Monitoring Alert Rule |  | Microsoft.AdvancedThreatAnalytics.1_9.Center.GatewayCaptureNetworkAdapterFaultedMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_9.Center | AvailabilityHealth | True |  |  | 0 | 0 |  | True | Warning | Normal | True | Microsoft ATA |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.GatewayCaptureNetworkAdapterMissingMonitoringAlert | Gateway Capture Network Adapter Missing Monitoring Alert Rule |  | Microsoft.AdvancedThreatAnalytics.1_9.Center.GatewayCaptureNetworkAdapterMissingMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_9.Center | ConfigurationHealth | True |  |  | 0 | 0 |  | True | Warning | Normal | True | Microsoft ATA |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.GatewayDirectoryServicesClientAccountPasswordExpiryMonitoringAlert | Gateway Directory Services Client Account Password Expiry Monitoring Alert Rule |  | Microsoft.AdvancedThreatAnalytics.1_9.Center.GatewayDirectoryServicesClientAccountPasswordExpiryMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_9.Center | ConfigurationHealth | True |  |  | 0 | 0 |  | True | Warning | Normal | True | Microsoft ATA |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.GatewayDirectoryServicesClientConnectivityMonitoringAlert | Gateway Directory Services Client Connectivity Monitoring Alert Rule |  | Microsoft.AdvancedThreatAnalytics.1_9.Center.GatewayDirectoryServicesClientConnectivityMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_9.Center | AvailabilityHealth | True |  |  | 0 | 0 |  | True | Warning | Normal | True | Microsoft ATA |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.GatewayDisconnectedMonitoringAlert | Gateway Disconnected Monitoring Alert Rule |  | Microsoft.AdvancedThreatAnalytics.1_9.Center.GatewayDisconnectedMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_9.Center | AvailabilityHealth | True |  |  | 0 | 0 |  | True | Warning | Normal | True | Microsoft ATA |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.GatewayDomainSynchronizerNotAssignedMonitoringAlert | Gateway Domain Synchronizer Not Assigned Monitoring Alert Rule |  | Microsoft.AdvancedThreatAnalytics.1_9.Center.GatewayDomainSynchronizerNotAssignedMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_9.Center | ConfigurationHealth | True |  |  | 0 | 0 |  | True | Warning | Normal | True | Microsoft ATA |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.GatewayLowMemoryMonitoringAlert | Gateway Low Memory Monitoring Alert Rule |  | Microsoft.AdvancedThreatAnalytics.1_9.Center.GatewayLowMemoryMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceHealth | True |  |  | 0 | 0 |  | True | Warning | Normal | True | Microsoft ATA |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.GatewayOverloadedEventActivitiesMonitoringAlert | Gateway Overloaded Event Activities Monitoring Alert Rule |  | Microsoft.AdvancedThreatAnalytics.1_9.Center.GatewayOverloadedEventActivitiesMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceHealth | True |  |  | 0 | 0 |  | True | Warning | Normal | True | Microsoft ATA |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.GatewayOverloadedNetworkActivitiesMonitoringAlert | Gateway Overloaded Network Activities Monitoring Alert Rule |  | Microsoft.AdvancedThreatAnalytics.1_9.Center.GatewayOverloadedNetworkActivitiesMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceHealth | True |  |  | 0 | 0 |  | True | Warning | Normal | True | Microsoft ATA |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.GatewayRadiusEventListenerMonitoringAlert | Gateway Radius Event Listener Monitoring Alert Rule |  | Microsoft.AdvancedThreatAnalytics.1_9.Center.GatewayRadiusEventListenerMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_9.Center | AvailabilityHealth | True |  |  | 0 | 0 |  | True | Warning | Normal | True | Microsoft ATA |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.GatewaysOutdatedMonitoringAlert | Gateways Outdated Monitoring Alert Rule |  | Microsoft.AdvancedThreatAnalytics.1_9.Center.GatewaysOutdatedMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_9.Center | ConfigurationHealth | True |  |  | 0 | 0 |  | True | Warning | Normal | True | Microsoft ATA |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.GatewayStartFailureMonitoringAlert | Gateway Start Failure Monitoring Alert Rule |  | Microsoft.AdvancedThreatAnalytics.1_9.Center.GatewayStartFailureMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_9.Center | AvailabilityHealth | True |  |  | 0 | 0 |  | True | Warning | Normal | True | Microsoft ATA |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.GatewaySyslogEventListenerMonitoringAlert | Gateway Syslog Event Listener Monitoring Alert Rule |  | Microsoft.AdvancedThreatAnalytics.1_9.Center.GatewaySyslogEventListenerMonitoringAlert | Microsoft.AdvancedThreatAnalytics.1_9.Center | AvailabilityHealth | True |  |  | 0 | 0 |  | True | Warning | Normal | True | Microsoft ATA |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.GoldenTicketSuspiciousActivity | Encryption Downgrade Suspicious Activity (Skeleton Key) Rule |  | Microsoft.AdvancedThreatAnalytics.1_9.Center.GoldenTicketSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_9.Center | SecurityHealth | False |  |  | 0 | 0 |  | True | Error | Normal | True | Microsoft ATA |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.HoneytokenActivitySuspiciousActivity | Golden Ticket Suspicious Activity Rule |  | Microsoft.AdvancedThreatAnalytics.1_9.Center.HoneytokenActivitySuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_9.Center | SecurityHealth | False |  |  | 0 | 0 |  | True | Error | Normal | True | Microsoft ATA |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.LdapBruteForceSuspiciousActivity | Ldap Brute Force Suspicious Activity Rule |  | Microsoft.AdvancedThreatAnalytics.1_9.Center.LdapBruteForceSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_9.Center | SecurityHealth | False |  |  | 0 | 0 |  | True | Error | Normal | True | Microsoft ATA |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.LogicalActivityTranslatorEventActivityBlockSize | LogicalActivityTranslator Event Activity Block Size | 1.9 | Microsoft.AdvancedThreatAnalytics.1_9.Center.LogicalActivityTranslatorEventActivityBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | Microsoft ATA Center | LogicalActivityTranslator Event Activity Block Size | 300 | 0 |  | False |  |  | True |  |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.LogicalActivityTranslatorNetworkActivityBlockSize | LogicalActivityTranslator Network Activity Block Size | 1.9 | Microsoft.AdvancedThreatAnalytics.1_9.Center.LogicalActivityTranslatorNetworkActivityBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | Microsoft ATA Center | LogicalActivityTranslator Network Activity Block Size | 300 | 0 |  | False |  |  | True |  |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.LogicalActivityTranslatorUniqueEntityBlockSize | LogicalActivityTranslator Unique Entity Block Size | 1.9 | Microsoft.AdvancedThreatAnalytics.1_9.Center.LogicalActivityTranslatorUniqueEntityBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | Microsoft ATA Center | LogicalActivityTranslator Unique Entity Block Size | 300 | 0 |  | False |  |  | True |  |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.MaliciousServiceCreationSuspiciousActivity | Malicious Service Creation Suspicious Activity Rule |  | Microsoft.AdvancedThreatAnalytics.1_9.Center.MaliciousServiceCreationSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_9.Center | SecurityHealth | False |  |  | 0 | 0 |  | True | Error | Normal | True | Microsoft ATA |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.MassiveObjectDeletionSuspiciousActivity | Massive Object Deletion Suspicious Activity Rule |  | Microsoft.AdvancedThreatAnalytics.1_9.Center.MassiveObjectDeletionSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_9.Center | SecurityHealth | False |  |  | 0 | 0 |  | True | Error | Normal | True | Microsoft ATA |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.NetworkActivityProcessorNetworkActivityBlockSize | NetworkActivityProcessor Network Activity Block Size | 1.9 | Microsoft.AdvancedThreatAnalytics.1_9.Center.NetworkActivityProcessorNetworkActivityBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | Microsoft ATA Center | NetworkActivityProcessor Network Activity Block Size | 300 | 0 |  | False |  |  | True |  |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.NetworkActivityProcessorPostponedNetworkActivityBlockSize | NetworkActivityProcessor Postponed Network Activity Block Size | 1.9 | Microsoft.AdvancedThreatAnalytics.1_9.Center.NetworkActivityProcessorPostponedNetworkActivityBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | Microsoft ATA Center | NetworkActivityProcessor Postponed Network Activity Block Size | 300 | 0 |  | False |  |  | True |  |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.PassTheHashSuspiciousActivity | Pass The Hash Suspicious Activity Rule |  | Microsoft.AdvancedThreatAnalytics.1_9.Center.PassTheHashSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_9.Center | SecurityHealth | False |  |  | 0 | 0 |  | True | Error | Normal | True | Microsoft ATA |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.PassTheTicketSuspiciousActivity | Pass The Ticket Suspicious Activity Rule |  | Microsoft.AdvancedThreatAnalytics.1_9.Center.PassTheTicketSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_9.Center | SecurityHealth | False |  |  | 0 | 0 |  | True | Error | Normal | True | Microsoft ATA |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.RemoteExecutionSuspiciousActivity | Remote Execution Suspicious Activity Rule |  | Microsoft.AdvancedThreatAnalytics.1_9.Center.RemoteExecutionSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_9.Center | SecurityHealth | False |  |  | 0 | 0 |  | True | Error | Normal | True | Microsoft ATA |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.RetrieveDataProtectionBackupKeySuspiciousActivity | Retrieve Data Protection Backup Key Suspicious Activity Rule |  | Microsoft.AdvancedThreatAnalytics.1_9.Center.RetrieveDataProtectionBackupKeySuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_9.Center | SecurityHealth | False |  |  | 0 | 0 |  | True | Error | Normal | True | Microsoft ATA |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.SamrReconnaissanceSuspiciousActivity | SAMR Reconnaissance Suspicious Activity Rule |  | Microsoft.AdvancedThreatAnalytics.1_9.Center.SamrReconnaissanceSuspiciousActivity | Microsoft.AdvancedThreatAnalytics.1_9.Center | SecurityHealth | False |  |  | 0 | 0 |  | True | Error | Normal | True | Microsoft ATA |
| Microsoft.AdvancedThreatAnalytics.1_9.Center.UniqueEntityProcessorUniqueEntityBlockSize | UniqueEntityProcessor Unique Entity Block Size | 1.9 | Microsoft.AdvancedThreatAnalytics.1_9.Center.UniqueEntityProcessorUniqueEntityBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Center | PerformanceCollection | True | Microsoft ATA Center | UniqueEntityProcessor Unique Entity Block Size | 300 | 0 |  | False |  |  | True |  |
| Microsoft.AdvancedThreatAnalytics.1_9.Gateway.ActiveDirectoryAuthenticationFailure | ATA Gateway Failed to Authenticate Against the Domain Controller | Rule to monitor Microsoft ATA 1.9 Gateway - ATA Gateway Failed to Authenticate Against the Domain Controller | Microsoft.AdvancedThreatAnalytics.1_9.Gateway.ActiveDirectoryAuthenticationFailure | Microsoft.AdvancedThreatAnalytics.1_9.Gateway | AvailabilityHealth | True |  |  | 0 | 0 |  | True | Error | Normal | True |  |
| Microsoft.AdvancedThreatAnalytics.1_9.Gateway.CountersDisabled | Counters might be disabled in the registry | Rule to monitor Microsoft ATA 1.9 Gateway - Counters might be disabled in the registry | Microsoft.AdvancedThreatAnalytics.1_9.Gateway.CountersDisabled | Microsoft.AdvancedThreatAnalytics.1_9.Gateway | AvailabilityHealth | True |  |  | 0 | 0 |  | True | Error | Normal | True |  |
| Microsoft.AdvancedThreatAnalytics.1_9.Gateway.EntityResolverActivityBlockSize | EntityResolver Activity Block Size | 1.9 | Microsoft.AdvancedThreatAnalytics.1_9.Gateway.EntityResolverActivityBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Gateway | PerformanceCollection | True | Microsoft ATA Gateway | EntityResolver Activity Block Size | 300 | 0 |  | False |  |  | True |  |
| Microsoft.AdvancedThreatAnalytics.1_9.Gateway.EntitySenderEntityBatchBlockSize | EntitySender Entity Batch Block Size | 1.9 | Microsoft.AdvancedThreatAnalytics.1_9.Gateway.EntitySenderEntityBatchBlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Gateway | PerformanceCollection | True | Microsoft ATA Gateway | EntitySender Entity Batch Block Size | 300 | 0 |  | False |  |  | True |  |
| Microsoft.AdvancedThreatAnalytics.1_9.Gateway.EntitySenderEntityBatchSendTime | EntitySender Entity Batch Send Time | 1.9 | Microsoft.AdvancedThreatAnalytics.1_9.Gateway.EntitySenderEntityBatchSendTime | Microsoft.AdvancedThreatAnalytics.1_9.Gateway | PerformanceCollection | True | Microsoft ATA Gateway | EntitySender Entity Batch Send Time | 300 | 0 |  | False |  |  | True |  |
| Microsoft.AdvancedThreatAnalytics.1_9.Gateway.FailedToAuthenticateAgainstCenter | ATA Gateway Failed to Authenticate Against Center | Rule to monitor Microsoft ATA 1.9 Gateway - ATA Gateway Failed to Authenticate Against Center | Microsoft.AdvancedThreatAnalytics.1_9.Gateway.FailedToAuthenticateAgainstCenter | Microsoft.AdvancedThreatAnalytics.1_9.Gateway | AvailabilityHealth | True |  |  | 0 | 0 |  | True | Error | Normal | True |  |
| Microsoft.AdvancedThreatAnalytics.1_9.Gateway.FailedToEstablishConnectionToCenter | ATA Gateway failed to establish connection to the ATA Center | Rule to monitor Microsoft ATA 1.9 Gateway - ATA Gateway failed to establish connection to the ATA Center | Microsoft.AdvancedThreatAnalytics.1_9.Gateway.FailedToEstablishConnectionToCenter | Microsoft.AdvancedThreatAnalytics.1_9.Gateway | AvailabilityHealth | True |  |  | 0 | 0 |  | True | Error | Normal | True |  |
| Microsoft.AdvancedThreatAnalytics.1_9.Gateway.FailedToParseSyslog | ATA Gateway Failed to Parse SIEM Syslog Message | Rule to monitor Microsoft ATA 1.9 Gateway - ATA Gateway Failed to Parse SIEM Syslog Message | Microsoft.AdvancedThreatAnalytics.1_9.Gateway.FailedToParseSyslog | Microsoft.AdvancedThreatAnalytics.1_9.Gateway | AvailabilityHealth | True |  |  | 0 | 0 |  | True | Error | Normal | True |  |
| Microsoft.AdvancedThreatAnalytics.1_9.Gateway.FailedToQueryDCUsingLDAPProtocol | ATA Gateway failed to query the domain controller using the LDAP protocol | Rule to monitor Microsoft ATA 1.9 Gateway - ATA Gateway failed to query the domain controller using the LDAP protocol | Microsoft.AdvancedThreatAnalytics.1_9.Gateway.FailedToQueryDCUsingLDAPProtocol | Microsoft.AdvancedThreatAnalytics.1_9.Gateway | AvailabilityHealth | True |  |  | 0 | 0 |  | True | Error | Normal | True |  |
| Microsoft.AdvancedThreatAnalytics.1_9.Gateway.FailedToSynchronizeConfigurationFromCenter | ATA Gateway failed to synchronize the configuration from the ATA Center | Rule to monitor Microsoft ATA 1.9 Gateway - ATA Gateway failed to synchronize the configuration from the ATA Center | Microsoft.AdvancedThreatAnalytics.1_9.Gateway.FailedToSynchronizeConfigurationFromCenter | Microsoft.AdvancedThreatAnalytics.1_9.Gateway | AvailabilityHealth | True |  |  | 0 | 0 |  | True | Error | Normal | True |  |
| Microsoft.AdvancedThreatAnalytics.1_9.Gateway.FailedToValidateCenterCertificateChain | ATA Gateway Failed to Validate Center Certificate Chain | Rule to monitor Microsoft ATA 1.9 Gateway - ATA Gateway Failed to Validate Center Certificate Chain | Microsoft.AdvancedThreatAnalytics.1_9.Gateway.FailedToValidateCenterCertificateChain | Microsoft.AdvancedThreatAnalytics.1_9.Gateway | AvailabilityHealth | True |  |  | 0 | 0 |  | True | Error | Normal | True |  |
| Microsoft.AdvancedThreatAnalytics.1_9.Gateway.GatewayDoesNotHaveEnoughMemory | ATA Gateway does not have enough memory | Rule to monitor Microsoft ATA 1.9 Gateway - ATA Gateway does not have enough memory | Microsoft.AdvancedThreatAnalytics.1_9.Gateway.GatewayDoesNotHaveEnoughMemory | Microsoft.AdvancedThreatAnalytics.1_9.Gateway | AvailabilityHealth | True |  |  | 0 | 0 |  | True | Error | Normal | True |  |
| Microsoft.AdvancedThreatAnalytics.1_9.Gateway.GatewayUpdaterResourceManagerCommitMemoryMaxSize | GatewayUpdaterResourceManager Commit Memory Max Size | 1.9 | Microsoft.AdvancedThreatAnalytics.1_9.Gateway.GatewayUpdaterResourceManagerCommitMemoryMaxSize | Microsoft.AdvancedThreatAnalytics.1_9.Gateway | PerformanceCollection | True | Microsoft ATA Gateway Updater | GatewayUpdaterResourceManager Commit Memory Max Size | 300 | 0 |  | False |  |  | True |  |
| Microsoft.AdvancedThreatAnalytics.1_9.Gateway.GatewayUpdaterResourceManagerCPUTimeMax_ | GatewayUpdaterResourceManager CPU Time Max % | 1.9 | Microsoft.AdvancedThreatAnalytics.1_9.Gateway.GatewayUpdaterResourceManagerCPUTimeMax_ | Microsoft.AdvancedThreatAnalytics.1_9.Gateway | PerformanceCollection | True | Microsoft ATA Gateway Updater | GatewayUpdaterResourceManager CPU Time Max % | 300 | 0 |  | False |  |  | True |  |
| Microsoft.AdvancedThreatAnalytics.1_9.Gateway.GatewayUpdaterResourceManagerWorkingSetLimitSize | GatewayUpdaterResourceManager Working Set Limit Size | 1.9 | Microsoft.AdvancedThreatAnalytics.1_9.Gateway.GatewayUpdaterResourceManagerWorkingSetLimitSize | Microsoft.AdvancedThreatAnalytics.1_9.Gateway | PerformanceCollection | True | Microsoft ATA Gateway Updater | GatewayUpdaterResourceManager Working Set Limit Size | 300 | 0 |  | False |  |  | True |  |
| Microsoft.AdvancedThreatAnalytics.1_9.Gateway.HostEntryInHOSTSFile | There is a host entry in the HOSTS file pointing to the machine's shortname | Rule to monitor Microsoft ATA 1.9 Gateway - There is a host entry in the HOSTS file pointing to the machine's shortname | Microsoft.AdvancedThreatAnalytics.1_9.Gateway.HostEntryInHOSTSFile | Microsoft.AdvancedThreatAnalytics.1_9.Gateway | AvailabilityHealth | True |  |  | 0 | 0 |  | True | Error | Normal | True |  |
| Microsoft.AdvancedThreatAnalytics.1_9.Gateway.MessageAnalyzerIsInstalledOnGateway | Message Analyzer is installed on the ATA Gateway | Rule to monitor Microsoft ATA 1.9 Gateway - Message Analyzer is installed on the ATA Gateway | Microsoft.AdvancedThreatAnalytics.1_9.Gateway.MessageAnalyzerIsInstalledOnGateway | Microsoft.AdvancedThreatAnalytics.1_9.Gateway | AvailabilityHealth | True |  |  | 0 | 0 |  | True | Error | Normal | True |  |
| Microsoft.AdvancedThreatAnalytics.1_9.Gateway.NetworkActivityTranslatorMessageData0BlockSize | NetworkActivityTranslator Message Data 0 Block Size | 1.9 | Microsoft.AdvancedThreatAnalytics.1_9.Gateway.NetworkActivityTranslatorMessageData0BlockSize | Microsoft.AdvancedThreatAnalytics.1_9.Gateway | PerformanceCollection | True | Microsoft ATA Gateway | NetworkActivityTranslator Message Data 0 Block Size | 300 | 0 |  | False |  |  | True |  |
| Microsoft.AdvancedThreatAnalytics.1_9.Gateway.NetworkListenerETWDroppedEvents_Sec | NetworkListener ETW Dropped Events/Sec | 1.9 | Microsoft.AdvancedThreatAnalytics.1_9.Gateway.NetworkListenerETWDroppedEvents_Sec | Microsoft.AdvancedThreatAnalytics.1_9.Gateway | PerformanceCollection | True | Microsoft ATA Gateway | NetworkListener ETW Dropped Events/Sec | 300 | 0 |  | False |  |  | True |  |
| Microsoft.AdvancedThreatAnalytics.1_9.Gateway.NetworkListenerPEFDroppedEvents_Sec | NetworkListener PEF Dropped Events/Sec | 1.9 | Microsoft.AdvancedThreatAnalytics.1_9.Gateway.NetworkListenerPEFDroppedEvents_Sec | Microsoft.AdvancedThreatAnalytics.1_9.Gateway | PerformanceCollection | True | Microsoft ATA Gateway | NetworkListener PEF Dropped Events/Sec | 300 | 0 |  | False |  |  | True |  |
| Microsoft.AdvancedThreatAnalytics.1_9.Gateway.NetworkListenerPEFParsedMessages_Sec | NetworkListener PEF Parsed Messages/Sec | 1.9 | Microsoft.AdvancedThreatAnalytics.1_9.Gateway.NetworkListenerPEFParsedMessages_Sec | Microsoft.AdvancedThreatAnalytics.1_9.Gateway | PerformanceCollection | True | Microsoft ATA Gateway | NetworkListener PEF Parsed Messages/Sec | 300 | 0 |  | False |  |  | True |  |
| Microsoft.AdvancedThreatAnalytics.1_9.Gateway.OtherPendingInstallations | There are other pending installations on your computer | Rule to monitor Microsoft ATA 1.9 Gateway - There are other pending installations on your computer | Microsoft.AdvancedThreatAnalytics.1_9.Gateway.OtherPendingInstallations | Microsoft.AdvancedThreatAnalytics.1_9.Gateway | AvailabilityHealth | True |  |  | 0 | 0 |  | True | Error | Normal | True |  |
Microsoft.AdvancedThreatAnalytics.1_9.Gateway.PEFWasNotInstalledCorrectlyPEF (Message Analyzer) was not installed correctlyRule to monitor Microsoft ATA 1.9 Gateway - PEF (Message Analyzer) was not installed correctlyMicrosoft.AdvancedThreatAnalytics.1_9.Gateway.PEFWasNotInstalledCorrectlyMicrosoft.AdvancedThreatAnalytics.1_9.GatewayAvailabilityHealthTrue00TrueErrorNormalTrue
Microsoft.AdvancedThreatAnalytics.1_9.Gateway.PIDsWasEnabledForProcessNamesInGatewayPIDs was enabled for process names in the ATA GatewayRule to monitor Microsoft ATA 1.9 Gateway - PIDs was enabled for process names in the ATA GatewayMicrosoft.AdvancedThreatAnalytics.1_9.Gateway.PIDsWasEnabledForProcessNamesInGatewayMicrosoft.AdvancedThreatAnalytics.1_9.GatewayAvailabilityHealthTrue00TrueErrorNormalTrue
Microsoft.AdvancedThreatAnalytics.1_9.Gateway.RadiusEventActivityTranslatorRadiusPacketBlockSizeRadiusEventActivityTranslator Radius Packet Block Size1.9Microsoft.AdvancedThreatAnalytics.1_9.Gateway.RadiusEventActivityTranslatorRadiusPacketBlockSizeMicrosoft.AdvancedThreatAnalytics.1_9.GatewayPerformanceCollectionTrueMicrosoft ATA GatewayRadiusEventActivityTranslator Radius Packet Block Size3000FalseTrue
Microsoft.AdvancedThreatAnalytics.1_9.Gateway.SyslogEventActivityTranslatorStringBlockSizeSyslogEventActivityTranslator String Block Size1.9Microsoft.AdvancedThreatAnalytics.1_9.Gateway.SyslogEventActivityTranslatorStringBlockSizeMicrosoft.AdvancedThreatAnalytics.1_9.GatewayPerformanceCollectionTrueMicrosoft ATA GatewaySyslogEventActivityTranslator String Block Size3000FalseTrue
Microsoft.AdvancedThreatAnalytics.1_9.Gateway.WefEventActivityTranslatorStringBlockSizeWefEventActivityTranslator String Block Size1.9Microsoft.AdvancedThreatAnalytics.1_9.Gateway.WefEventActivityTranslatorStringBlockSizeMicrosoft.AdvancedThreatAnalytics.1_9.GatewayPerformanceCollectionTrueMicrosoft ATA GatewayWefEventActivityTranslator String Block Size3000FalseTrue