| DisplayName | Description | ID | Target | Category | Enabled | Instance Name | Counter Name | Frequency | Event_ID | Event Source | Alert Generate | Alert Severity | Alert Priority | Remotable | Event Log |
![Microsoft.Linux.RHEL.5.LogFile.Syslog.Auth.Critical.Alert](/images/Rule.png) | Auth Critical alert rule | Alert rule for detection Critical Authentication | Microsoft.Linux.RHEL.5.LogFile.Syslog.Auth.Critical.Alert | Microsoft.Linux.RHEL.5.Computer | EventCollection | True | | | 0 | 0 | | True | Warning | Normal | True | |
![Microsoft.Linux.RHEL.5.LogFile.Syslog.Root.SSHAuth.Password.Alert](/images/Rule.png) | Root Password SSH Authentication alert rule | Alert rule for detection of Root Password via SSH Authentication | Microsoft.Linux.RHEL.5.LogFile.Syslog.Root.SSHAuth.Password.Alert | Microsoft.Linux.RHEL.5.Computer | EventCollection | True | | | 0 | 0 | | True | Warning | Normal | True | |
![Microsoft.Linux.RHEL.5.LogFile.Syslog.SSHAuth.PAM.Root.Failure.Alert](/images/Rule.png) | SSH Authentication Failure alert rule | Alert rule for detection of SSH Authentication failures. | Microsoft.Linux.RHEL.5.LogFile.Syslog.SSHAuth.PAM.Root.Failure.Alert | Microsoft.Linux.RHEL.5.Computer | EventCollection | True | | | 0 | 0 | | True | Error | Normal | True | |
![Microsoft.Linux.RHEL.5.LogFile.Syslog.SSHAuth.PAM.Root.Success.Alert](/images/Rule.png) | Root PAM SSH Authentication Alert Rule | Alert rule for detection of Root Authentication via PAM SSH | Microsoft.Linux.RHEL.5.LogFile.Syslog.SSHAuth.PAM.Root.Success.Alert | Microsoft.Linux.RHEL.5.Computer | EventCollection | True | | | 0 | 0 | | True | Information | Normal | True | |
![Microsoft.Linux.RHEL.5.LogFile.Syslog.SU.Command.Alert](/images/Rule.png) | SU Command alert rule | Alert rule for successful "SU to root command" messages. | Microsoft.Linux.RHEL.5.LogFile.Syslog.SU.Command.Alert | Microsoft.Linux.RHEL.5.Computer | EventCollection | True | | | 0 | 0 | | True | Information | Normal | True | |
![Microsoft.Linux.RHEL.5.LogicalDisk.DiskBytesPerSecond.Collection](/images/Rule.png) | Disk Bytes/sec (Red Hat Enterprise Linux Server 5) | Collection rule for the performance counter Logical Disk\Disk Bytes/sec | Microsoft.Linux.RHEL.5.LogicalDisk.DiskBytesPerSecond.Collection | Microsoft.Linux.RHEL.5.LogicalDisk | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.RHEL.5.LogicalDisk.DiskReadBytesPerSecond.Collection](/images/Rule.png) | Disk Read Bytes/sec (Red Hat Enterprise Linux Server 5) | Collection rule for the performance counter Logical Disk\Disk Read Bytes/sec | Microsoft.Linux.RHEL.5.LogicalDisk.DiskReadBytesPerSecond.Collection | Microsoft.Linux.RHEL.5.LogicalDisk | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.RHEL.5.LogicalDisk.DiskReadsPerSecond.Collection](/images/Rule.png) | Disk Reads/sec (Red Hat Enterprise Linux Server 5) | Collection rule for the performance counter Logical Disk\Disk Reads/sec | Microsoft.Linux.RHEL.5.LogicalDisk.DiskReadsPerSecond.Collection | Microsoft.Linux.RHEL.5.LogicalDisk | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.RHEL.5.LogicalDisk.DiskTransfersPerSecond.Collection](/images/Rule.png) | Disk Transfers/sec (Red Hat Enterprise Linux Server 5) | Collection rule for the performance counter Logical Disk\Disk Transfers/sec | Microsoft.Linux.RHEL.5.LogicalDisk.DiskTransfersPerSecond.Collection | Microsoft.Linux.RHEL.5.LogicalDisk | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.RHEL.5.LogicalDisk.DiskWriteBytesPerSecond.Collection](/images/Rule.png) | Disk Write Bytes/sec (Red Hat Enterprise Linux Server 5) | Collection rule for the performance counter Logical Disk\Disk Write Bytes/sec | Microsoft.Linux.RHEL.5.LogicalDisk.DiskWriteBytesPerSecond.Collection | Microsoft.Linux.RHEL.5.LogicalDisk | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.RHEL.5.LogicalDisk.DiskWritesPerSecond.Collection](/images/Rule.png) | Disk Writes/sec (Red Hat Enterprise Linux Server 5) | Collection rule for the performance counter Logical Disk\Disk Writes/sec | Microsoft.Linux.RHEL.5.LogicalDisk.DiskWritesPerSecond.Collection | Microsoft.Linux.RHEL.5.LogicalDisk | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.RHEL.5.LogicalDisk.FreeMegabytes.Collection](/images/Rule.png) | Free Megabytes (Red Hat Enterprise Linux Server 5) | Collection rule for the performance counter Logical Disk\Free Megabytes | Microsoft.Linux.RHEL.5.LogicalDisk.FreeMegabytes.Collection | Microsoft.Linux.RHEL.5.LogicalDisk | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.RHEL.5.LogicalDisk.PercentFreeSpace.Collection](/images/Rule.png) | \% Free Space (Red Hat Enterprise Linux Server 5) | Collection rule for the performance counter Logical Disk\\% Free Space | Microsoft.Linux.RHEL.5.LogicalDisk.PercentFreeSpace.Collection | Microsoft.Linux.RHEL.5.LogicalDisk | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.RHEL.5.LogicalDisk.PercentUsedSpace.Collection](/images/Rule.png) | \% Used Space (Red Hat Enterprise Linux Server 5) | Collection rule for the performance counter Logical Disk\\% Used Space | Microsoft.Linux.RHEL.5.LogicalDisk.PercentUsedSpace.Collection | Microsoft.Linux.RHEL.5.LogicalDisk | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.RHEL.5.LogicalDisk.UsedMegabyte.Collection](/images/Rule.png) | Used Megabytes (Red Hat Enterprise Linux Server 5) | Collection rule for the performance counter Logical Disk\Used Megabytes | Microsoft.Linux.RHEL.5.LogicalDisk.UsedMegabyte.Collection | Microsoft.Linux.RHEL.5.LogicalDisk | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.RHEL.5.NetworkAdapter.BytesReceivedPerSec.Collection](/images/Rule.png) | Byte Received/Sec (Red Hat Enterprise Linux Server 5) | Collection rule for the performance counter Network Adapter\Bytes Received/Sec | Microsoft.Linux.RHEL.5.NetworkAdapter.BytesReceivedPerSec.Collection | Microsoft.Linux.RHEL.5.NetworkAdapter | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.RHEL.5.NetworkAdapter.BytesSentPerSec.Collection](/images/Rule.png) | Byte Sent/Sec (Red Hat Enterprise Linux Server 5) | Collection rule for the performance counter Network Adapter\Bytes Sent/Sec | Microsoft.Linux.RHEL.5.NetworkAdapter.BytesSentPerSec.Collection | Microsoft.Linux.RHEL.5.NetworkAdapter | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.RHEL.5.NetworkAdapter.BytesTotalSec.Collection](/images/Rule.png) | Bytes Total/Sec (Red Hat Enterprise Linux Server 5) | Collection rule for the performance counter Network Adapter\Bytes Total/Sec | Microsoft.Linux.RHEL.5.NetworkAdapter.BytesTotalSec.Collection | Microsoft.Linux.RHEL.5.NetworkAdapter | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.RHEL.5.OperatingSystem.AvailableMBytes.Collection](/images/Rule.png) | Available MBytes (Red Hat Enterprise Linux Server 5) | Collection rule for the performance counter Memory\Available MBytes | Microsoft.Linux.RHEL.5.OperatingSystem.AvailableMBytes.Collection | Microsoft.Linux.RHEL.5.OperatingSystem | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.RHEL.5.OperatingSystem.AvailableMBytesSwap.Collection](/images/Rule.png) | Available MBytes (Red Hat Enterprise Linux Server 5) | Collection rule for the performance counter Swap Space\Available MBytes | Microsoft.Linux.RHEL.5.OperatingSystem.AvailableMBytesSwap.Collection | Microsoft.Linux.RHEL.5.OperatingSystem | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.RHEL.5.OperatingSystem.PageReadsPerSecond.Collection](/images/Rule.png) | Page Reads/sec (Red Hat Enterprise Linux Server 5) | Collection rule for the performance counter Memory\Page Reads/sec | Microsoft.Linux.RHEL.5.OperatingSystem.PageReadsPerSecond.Collection | Microsoft.Linux.RHEL.5.OperatingSystem | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.RHEL.5.OperatingSystem.PagesPerSecond.Collection](/images/Rule.png) | Pages/sec (Red Hat Enterprise Linux Server 5) | Collection rule for the performance counter Memory\Pages/sec | Microsoft.Linux.RHEL.5.OperatingSystem.PagesPerSecond.Collection | Microsoft.Linux.RHEL.5.OperatingSystem | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.RHEL.5.OperatingSystem.PageWritesPerSecond.Collection](/images/Rule.png) | Page Writes/sec (Red Hat Enterprise Linux Server 5) | Collection rule for the performance counter Memory\Page Writes/sec | Microsoft.Linux.RHEL.5.OperatingSystem.PageWritesPerSecond.Collection | Microsoft.Linux.RHEL.5.OperatingSystem | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.RHEL.5.OperatingSystem.PercentAvailableMemory.Collection](/images/Rule.png) | \% Available Memory (Red Hat Enterprise Linux Server 5) | Collection rule for the performance counter Memory\\% Available Memory | Microsoft.Linux.RHEL.5.OperatingSystem.PercentAvailableMemory.Collection | Microsoft.Linux.RHEL.5.OperatingSystem | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.RHEL.5.OperatingSystem.PercentAvailableSwap.Collection](/images/Rule.png) | \% Available Swap Space (Red Hat Enterprise Linux Server 5) | Collection rule for the performance counter Swap Space\\% Available Swap Space | Microsoft.Linux.RHEL.5.OperatingSystem.PercentAvailableSwap.Collection | Microsoft.Linux.RHEL.5.OperatingSystem | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.RHEL.5.OperatingSystem.PercentUsedMemory.Collection](/images/Rule.png) | \% Used Memory (Red Hat Enterprise Linux Server 5) | Collection rule for the performance counter Memory\\% Used Memory | Microsoft.Linux.RHEL.5.OperatingSystem.PercentUsedMemory.Collection | Microsoft.Linux.RHEL.5.OperatingSystem | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.RHEL.5.OperatingSystem.PercentUsedSwapSpace.Collection](/images/Rule.png) | \% Used Swap Space (Red Hat Enterprise Linux Server 5) | Collection rule for the performance counter Swap Space\\% Used Swap Space | Microsoft.Linux.RHEL.5.OperatingSystem.PercentUsedSwapSpace.Collection | Microsoft.Linux.RHEL.5.OperatingSystem | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.RHEL.5.OperatingSystem.TotalPercentDPCTime.Collection](/images/Rule.png) | Total Processor \% DPC Time (Red Hat Enterprise Linux Server 5) | Collects the performance counter Processor\\% DPC Time | Microsoft.Linux.RHEL.5.OperatingSystem.TotalPercentDPCTime.Collection | Microsoft.Linux.RHEL.5.OperatingSystem | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.RHEL.5.OperatingSystem.TotalPercentIdleTime.Collection](/images/Rule.png) | Total Processor \% Idle Time (Red Hat Enterprise Linux Server 5) | Collects the performance counter Processor\\% Idle Time | Microsoft.Linux.RHEL.5.OperatingSystem.TotalPercentIdleTime.Collection | Microsoft.Linux.RHEL.5.OperatingSystem | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.RHEL.5.OperatingSystem.TotalPercentInterruptTime.Collection](/images/Rule.png) | Total Processor \% Interrupt Time (Red Hat Enterprise Linux Server 5) | Collects the performance counter Processor\\% Interrupt Time | Microsoft.Linux.RHEL.5.OperatingSystem.TotalPercentInterruptTime.Collection | Microsoft.Linux.RHEL.5.OperatingSystem | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.RHEL.5.OperatingSystem.TotalPercentIOWaitTime.Collection](/images/Rule.png) | Total Processor \% IO Wait Time (Red Hat Enterprise Linux Server 5) | Collects the performance counter Processor\\% IO Wait Time | Microsoft.Linux.RHEL.5.OperatingSystem.TotalPercentIOWaitTime.Collection | Microsoft.Linux.RHEL.5.OperatingSystem | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.RHEL.5.OperatingSystem.TotalPercentNiceTime.Collection](/images/Rule.png) | Total Processor \% Nice Time (Red Hat Enterprise Linux Server 5) | Collects the performance counter Processor\\% Nice Time | Microsoft.Linux.RHEL.5.OperatingSystem.TotalPercentNiceTime.Collection | Microsoft.Linux.RHEL.5.OperatingSystem | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.RHEL.5.OperatingSystem.TotalPercentPrivilegedTime.Collection](/images/Rule.png) | Total Processor \% Privileged Time (Red Hat Enterprise Linux Server 5) | Collects the performance counter Processor\\% Privileged Time | Microsoft.Linux.RHEL.5.OperatingSystem.TotalPercentPrivilegedTime.Collection | Microsoft.Linux.RHEL.5.OperatingSystem | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.RHEL.5.OperatingSystem.TotalPercentProcessorTime.Collection](/images/Rule.png) | Total Processor \% Processor Time (Red Hat Enterprise Linux Server 5) | Collects the performance counter Processor\\% Processor Time | Microsoft.Linux.RHEL.5.OperatingSystem.TotalPercentProcessorTime.Collection | Microsoft.Linux.RHEL.5.OperatingSystem | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.RHEL.5.OperatingSystem.TotalPercentUserTime.Collection](/images/Rule.png) | Total Processor \% User Time (Red Hat Enterprise Linux Server 5) | Collects the performance counter Processor\\% User Time | Microsoft.Linux.RHEL.5.OperatingSystem.TotalPercentUserTime.Collection | Microsoft.Linux.RHEL.5.OperatingSystem | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.RHEL.5.OperatingSystem.UsedMBytesSwap.Collection](/images/Rule.png) | Used MBytes (Red Hat Enterprise Linux Server 5) | Collection rule for the performance counter Swap Space\Used MBytes | Microsoft.Linux.RHEL.5.OperatingSystem.UsedMBytesSwap.Collection | Microsoft.Linux.RHEL.5.OperatingSystem | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.RHEL.5.OperatingSystem.UsedMemoryMBytes.Collection](/images/Rule.png) | Used Memory MBytes (Red Hat Enterprise Linux Server 5) | Collection rule for the performance counter Memory\Used Memory MBytes | Microsoft.Linux.RHEL.5.OperatingSystem.UsedMemoryMBytes.Collection | Microsoft.Linux.RHEL.5.OperatingSystem | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.RHEL.5.PhysicalDisk.AverageDiskReadTime.Collection](/images/Rule.png) | Avg. Disk sec/Read (Red Hat Enterprise Linux Server 5) | Collection rule for the performance counter Physical Disk\Avg. Disk sec/Read | Microsoft.Linux.RHEL.5.PhysicalDisk.AverageDiskReadTime.Collection | Microsoft.Linux.RHEL.5.PhysicalDisk | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.RHEL.5.PhysicalDisk.AverageDiskTransferTime.Collection](/images/Rule.png) | Avg. Disk sec/Transfer (Red Hat Enterprise Linux Server 5) | Collection rule for the performance counter Physical Disk\Avg. Disk sec/Transfer | Microsoft.Linux.RHEL.5.PhysicalDisk.AverageDiskTransferTime.Collection | Microsoft.Linux.RHEL.5.PhysicalDisk | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.RHEL.5.PhysicalDisk.AverageDiskWriteTime.Collection](/images/Rule.png) | Avg. Disk sec/Write (Red Hat Enterprise Linux Server 5) | Collection rule for the performance counter Physical Disk\Avg. Disk sec/Write | Microsoft.Linux.RHEL.5.PhysicalDisk.AverageDiskWriteTime.Collection | Microsoft.Linux.RHEL.5.PhysicalDisk | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.RHEL.5.PhysicalDisk.DiskBytesPerSecond.Collection](/images/Rule.png) | Disk Bytes/sec (Red Hat Enterprise Linux Server 5) | Collection rule for the performance counter Physical Disk\Disk Bytes/sec | Microsoft.Linux.RHEL.5.PhysicalDisk.DiskBytesPerSecond.Collection | Microsoft.Linux.RHEL.5.PhysicalDisk | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.RHEL.5.Processor.PercentIdleTime.Collection](/images/Rule.png) | Processor \% Idle Time (Red Hat Enterprise Linux Server 5) | Collects the performance counter Processor\\% Idle Time | Microsoft.Linux.RHEL.5.Processor.PercentIdleTime.Collection | Microsoft.Linux.RHEL.5.Processor | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.RHEL.5.Processor.PercentNiceTime.Collection](/images/Rule.png) | Processor \% Nice Time (Red Hat Enterprise Linux Server 5) | Collects the performance counter Processor\\% Nice Time | Microsoft.Linux.RHEL.5.Processor.PercentNiceTime.Collection | Microsoft.Linux.RHEL.5.Processor | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.RHEL.5.Processor.PercentPrivilegedTime.Collection](/images/Rule.png) | Processor \% Privileged Time (Red Hat Enterprise Linux Server 5) | Collects the performance counter Processor\\% Privileged Time | Microsoft.Linux.RHEL.5.Processor.PercentPrivilegedTime.Collection | Microsoft.Linux.RHEL.5.Processor | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.RHEL.5.Processor.PercentProcessorTime.Collection](/images/Rule.png) | Processor \% Time (Red Hat Enterprise Linux Server 5) | Collects the performance counter Processor\\% Processor Time | Microsoft.Linux.RHEL.5.Processor.PercentProcessorTime.Collection | Microsoft.Linux.RHEL.5.Processor | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.RHEL.5.Processor.PercentUserTime.Collection](/images/Rule.png) | Processor \% User Time (Red Hat Enterprise Linux Server 5) | Collects the performance counter Processor\\% User Time | Microsoft.Linux.RHEL.5.Processor.PercentUserTime.Collection | Microsoft.Linux.RHEL.5.Processor | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.RHEL.5.Processor.TotalPercentDPCTime.Collection](/images/Rule.png) | Processor \% DPC Time (Red Hat Enterprise Linux Server 5) | Collects the performance counter Processor\\% DPC Time | Microsoft.Linux.RHEL.5.Processor.TotalPercentDPCTime.Collection | Microsoft.Linux.RHEL.5.Processor | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.RHEL.5.Processor.TotalPercentInterruptTime.Collection](/images/Rule.png) | Processor \% Interrupt Time (Red Hat Enterprise Linux Server 5) | Collects the performance counter Processor\\% Interrupt Time | Microsoft.Linux.RHEL.5.Processor.TotalPercentInterruptTime.Collection | Microsoft.Linux.RHEL.5.Processor | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.RHEL.5.Processor.TotalPercentIOWaitTime.Collection](/images/Rule.png) | Processor \% IO Time (Red Hat Enterprise Linux Server 5) | Collects the performance counter Processor\\% IO Wait Time | Microsoft.Linux.RHEL.5.Processor.TotalPercentIOWaitTime.Collection | Microsoft.Linux.RHEL.5.Processor | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |