| DisplayName | Description | ID | Target | Category | Enabled | Instance Name | Counter Name | Frequency | Event_ID | Event Source | Alert Generate | Alert Severity | Alert Priority | Remotable | Event Log |
![Microsoft.Linux.Universal.LogFile.Syslog.Root.SSHAuth.Password.Alert](/images/Rule.png) | Root Password SSH Authentication alert rule | Alert rule for detection of Root Password via SSH Authentication | Microsoft.Linux.Universal.LogFile.Syslog.Root.SSHAuth.Password.Alert | Microsoft.Linux.Universal.Computer | EventCollection | False | | | 0 | 0 | | True | Information | Normal | True | |
![Microsoft.Linux.Universal.LogFile.Syslog.SSHAuth.PAM.Root.Failure.Alert](/images/Rule.png) | SSH Authentication Failure alert rule | Alert rule for detection of SSH Authentication failures. | Microsoft.Linux.Universal.LogFile.Syslog.SSHAuth.PAM.Root.Failure.Alert | Microsoft.Linux.Universal.Computer | EventCollection | False | | | 0 | 0 | | True | Error | Normal | True | |
![Microsoft.Linux.Universal.LogFile.Syslog.SU.Command.Root.Failure.Alert](/images/Rule.png) | SU Command Failure alert rule | Alert rule for failed "SU to root command" messages. | Microsoft.Linux.Universal.LogFile.Syslog.SU.Command.Root.Failure.Alert | Microsoft.Linux.Universal.Computer | EventCollection | False | | | 0 | 0 | | True | Error | Normal | True | |
![Microsoft.Linux.Universal.LogFile.Syslog.SU.Command.Root.Success.Alert](/images/Rule.png) | SU Command Success alert rule | Alert rule for successful "SU to root command" messages. | Microsoft.Linux.Universal.LogFile.Syslog.SU.Command.Root.Success.Alert | Microsoft.Linux.Universal.Computer | EventCollection | False | | | 0 | 0 | | True | Information | Normal | True | |
![Microsoft.Linux.Universal.LogicalDisk.DiskBytesPerSecond.Collection](/images/Rule.png) | Logical Disk Bytes/sec (Universal Linux) | Collection rule for the performance counter Logical Disk\Disk Bytes/sec | Microsoft.Linux.Universal.LogicalDisk.DiskBytesPerSecond.Collection | Microsoft.Linux.Universal.LogicalDisk | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.Universal.LogicalDisk.DiskReadBytesPerSecond.Collection](/images/Rule.png) | Disk Read Bytes/sec (Universal Linux) | Collection rule for the performance counter Logical Disk\Disk Read Bytes/sec | Microsoft.Linux.Universal.LogicalDisk.DiskReadBytesPerSecond.Collection | Microsoft.Linux.Universal.LogicalDisk | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.Universal.LogicalDisk.DiskReadsPerSecond.Collection](/images/Rule.png) | Disk Reads/sec (Universal Linux) | Collection rule for the performance counter Logical Disk\Disk Reads/sec | Microsoft.Linux.Universal.LogicalDisk.DiskReadsPerSecond.Collection | Microsoft.Linux.Universal.LogicalDisk | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.Universal.LogicalDisk.DiskTransfersPerSecond.Collection](/images/Rule.png) | Disk Transfers/sec (Universal Linux) | Collection rule for the performance counter Logical Disk\Disk Transfers/sec | Microsoft.Linux.Universal.LogicalDisk.DiskTransfersPerSecond.Collection | Microsoft.Linux.Universal.LogicalDisk | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.Universal.LogicalDisk.DiskWriteBytesPerSecond.Collection](/images/Rule.png) | Disk Write Bytes/sec (Universal Linux) | Collection rule for the performance counter Logical Disk\Disk Write Bytes/sec | Microsoft.Linux.Universal.LogicalDisk.DiskWriteBytesPerSecond.Collection | Microsoft.Linux.Universal.LogicalDisk | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.Universal.LogicalDisk.DiskWritesPerSecond.Collection](/images/Rule.png) | Disk Writes/sec (Universal Linux) | Collection rule for the performance counter Logical Disk\Disk Writes/sec | Microsoft.Linux.Universal.LogicalDisk.DiskWritesPerSecond.Collection | Microsoft.Linux.Universal.LogicalDisk | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.Universal.LogicalDisk.FreeMegabytes.Collection](/images/Rule.png) | Free Megabytes (Universal Linux) | Collection rule for the performance counter Logical Disk\Free Megabytes | Microsoft.Linux.Universal.LogicalDisk.FreeMegabytes.Collection | Microsoft.Linux.Universal.LogicalDisk | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.Universal.LogicalDisk.PercentFreeInodes.Collection](/images/Rule.png) | \% Free Inodes (Universal Linux) | Collection rule for the performance counter Logical Disk\\% Free Inodes | Microsoft.Linux.Universal.LogicalDisk.PercentFreeInodes.Collection | Microsoft.Linux.Universal.LogicalDisk | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.Universal.LogicalDisk.PercentFreeSpace.Collection](/images/Rule.png) | \% Free Space (Universal Linux) | Collection rule for the performance counter Logical Disk\\% Free Space | Microsoft.Linux.Universal.LogicalDisk.PercentFreeSpace.Collection | Microsoft.Linux.Universal.LogicalDisk | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.Universal.LogicalDisk.PercentUsedInodes.Collection](/images/Rule.png) | \% Used Inodes (Universal Linux) | Collection rule for the performance counter Logical Disk\\% Used Inodes | Microsoft.Linux.Universal.LogicalDisk.PercentUsedInodes.Collection | Microsoft.Linux.Universal.LogicalDisk | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.Universal.LogicalDisk.PercentUsedSpace.Collection](/images/Rule.png) | \% Used Space (Universal Linux) | Collection rule for the performance counter Logical Disk\\% Used Space | Microsoft.Linux.Universal.LogicalDisk.PercentUsedSpace.Collection | Microsoft.Linux.Universal.LogicalDisk | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.Universal.LogicalDisk.UsedMegabyte.Collection](/images/Rule.png) | Used Megabytes (Universal Linux) | Collection rule for the performance counter Logical Disk\Used Megabytes | Microsoft.Linux.Universal.LogicalDisk.UsedMegabyte.Collection | Microsoft.Linux.Universal.LogicalDisk | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.Universal.NetworkAdapter.BytesReceivedPerSec.Collection](/images/Rule.png) | Byte Received/Sec (Universal Linux) | Collection rule for the performance counter Network Adapter\Bytes Received/Sec | Microsoft.Linux.Universal.NetworkAdapter.BytesReceivedPerSec.Collection | Microsoft.Linux.Universal.NetworkAdapter | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.Universal.NetworkAdapter.BytesSentPerSec.Collection](/images/Rule.png) | Byte Sent/Sec (Universal Linux) | Collection rule for the performance counter Network Adapter\Bytes Sent/Sec | Microsoft.Linux.Universal.NetworkAdapter.BytesSentPerSec.Collection | Microsoft.Linux.Universal.NetworkAdapter | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.Universal.NetworkAdapter.BytesTotalSec.Collection](/images/Rule.png) | Bytes Total/Sec (Universal Linux) | Collection rule for the performance counter Network Adapter\Bytes Total/Sec | Microsoft.Linux.Universal.NetworkAdapter.BytesTotalSec.Collection | Microsoft.Linux.Universal.NetworkAdapter | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.Universal.OperatingSystem.AvailableMBytes.Collection](/images/Rule.png) | Available MBytes Memory (Universal Linux) | Collection rule for the performance counter Memory\Available MBytes | Microsoft.Linux.Universal.OperatingSystem.AvailableMBytes.Collection | Microsoft.Linux.Universal.OperatingSystem | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.Universal.OperatingSystem.AvailableMBytesSwap.Collection](/images/Rule.png) | Available MBytes Swap (Universal Linux) | Collection rule for the performance counter Swap Space\Available MBytes | Microsoft.Linux.Universal.OperatingSystem.AvailableMBytesSwap.Collection | Microsoft.Linux.Universal.OperatingSystem | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.Universal.OperatingSystem.PageReadsPerSecond.Collection](/images/Rule.png) | Page Reads/sec (Universal Linux) | Collection rule for the performance counter Memory\Page Reads/sec | Microsoft.Linux.Universal.OperatingSystem.PageReadsPerSecond.Collection | Microsoft.Linux.Universal.OperatingSystem | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.Universal.OperatingSystem.PagesPerSecond.Collection](/images/Rule.png) | Pages/sec (Universal Linux) | Collection rule for the performance counter Memory\Pages/sec | Microsoft.Linux.Universal.OperatingSystem.PagesPerSecond.Collection | Microsoft.Linux.Universal.OperatingSystem | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.Universal.OperatingSystem.PageWritesPerSecond.Collection](/images/Rule.png) | Page Writes/sec (Universal Linux) | Collection rule for the performance counter Memory\Page Writes/sec | Microsoft.Linux.Universal.OperatingSystem.PageWritesPerSecond.Collection | Microsoft.Linux.Universal.OperatingSystem | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.Universal.OperatingSystem.PercentAvailableMemory.Collection](/images/Rule.png) | \% Available Memory (Universal Linux) | Collection rule for the performance counter Memory\\% Available Memory | Microsoft.Linux.Universal.OperatingSystem.PercentAvailableMemory.Collection | Microsoft.Linux.Universal.OperatingSystem | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.Universal.OperatingSystem.PercentAvailableSwap.Collection](/images/Rule.png) | \% Available Swap Space (Universal Linux) | Collection rule for the performance counter Swap Space\\% Available Swap Space | Microsoft.Linux.Universal.OperatingSystem.PercentAvailableSwap.Collection | Microsoft.Linux.Universal.OperatingSystem | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.Universal.OperatingSystem.PercentUsedMemory.Collection](/images/Rule.png) | \% Used Memory (Universal Linux) | Collection rule for the performance counter Memory\\% Used Memory | Microsoft.Linux.Universal.OperatingSystem.PercentUsedMemory.Collection | Microsoft.Linux.Universal.OperatingSystem | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.Universal.OperatingSystem.PercentUsedSwapSpace.Collection](/images/Rule.png) | \% Used Swap Space (Universal Linux) | Collection rule for the performance counter Swap Space\\% Used Swap Space | Microsoft.Linux.Universal.OperatingSystem.PercentUsedSwapSpace.Collection | Microsoft.Linux.Universal.OperatingSystem | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.Universal.OperatingSystem.TotalPercentDPCTime.Collection](/images/Rule.png) | Total Processor \% DPC Time (Universal Linux) | Collects the performance counter Processor\\% DPC Time | Microsoft.Linux.Universal.OperatingSystem.TotalPercentDPCTime.Collection | Microsoft.Linux.Universal.OperatingSystem | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.Universal.OperatingSystem.TotalPercentIdleTime.Collection](/images/Rule.png) | Total Processor \% Idle Time (Universal Linux) | Collects the performance counter Processor\\% Idle Time | Microsoft.Linux.Universal.OperatingSystem.TotalPercentIdleTime.Collection | Microsoft.Linux.Universal.OperatingSystem | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.Universal.OperatingSystem.TotalPercentInterruptTime.Collection](/images/Rule.png) | Total Processor \% Interrupt Time (Universal Linux) | Collects the performance counter Processor\\% Interrupt Time | Microsoft.Linux.Universal.OperatingSystem.TotalPercentInterruptTime.Collection | Microsoft.Linux.Universal.OperatingSystem | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.Universal.OperatingSystem.TotalPercentIOWaitTime.Collection](/images/Rule.png) | Total Processor \% IO Wait Time (Universal Linux) | Collects the performance counter Processor\\% IO Wait Time | Microsoft.Linux.Universal.OperatingSystem.TotalPercentIOWaitTime.Collection | Microsoft.Linux.Universal.OperatingSystem | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.Universal.OperatingSystem.TotalPercentNiceTime.Collection](/images/Rule.png) | Total Processor \% Nice Time (Universal Linux) | Collects the performance counter Processor\\% Nice Time | Microsoft.Linux.Universal.OperatingSystem.TotalPercentNiceTime.Collection | Microsoft.Linux.Universal.OperatingSystem | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.Universal.OperatingSystem.TotalPercentPrivilegedTime.Collection](/images/Rule.png) | Total Processor \% Privileged Time (Universal Linux) | Collects the performance counter Processor\\% Privileged Time | Microsoft.Linux.Universal.OperatingSystem.TotalPercentPrivilegedTime.Collection | Microsoft.Linux.Universal.OperatingSystem | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.Universal.OperatingSystem.TotalPercentProcessorTime.Collection](/images/Rule.png) | Total Processor \% Processor Time (Universal Linux) | Collects the performance counter Processor\\% Processor Time | Microsoft.Linux.Universal.OperatingSystem.TotalPercentProcessorTime.Collection | Microsoft.Linux.Universal.OperatingSystem | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.Universal.OperatingSystem.TotalPercentUserTime.Collection](/images/Rule.png) | Total Processor \% User Time (Universal Linux) | Collects the performance counter Processor\\% User Time | Microsoft.Linux.Universal.OperatingSystem.TotalPercentUserTime.Collection | Microsoft.Linux.Universal.OperatingSystem | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.Universal.OperatingSystem.UsedMBytesSwap.Collection](/images/Rule.png) | Used Swap MBytes (Universal Linux) | Collection rule for the performance counter Swap Space\Used MBytes | Microsoft.Linux.Universal.OperatingSystem.UsedMBytesSwap.Collection | Microsoft.Linux.Universal.OperatingSystem | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.Universal.OperatingSystem.UsedMemoryMBytes.Collection](/images/Rule.png) | Used Memory MBytes (Universal Linux) | Collection rule for the performance counter Memory\Used Memory MBytes | Microsoft.Linux.Universal.OperatingSystem.UsedMemoryMBytes.Collection | Microsoft.Linux.Universal.OperatingSystem | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.Universal.PhysicalDisk.AverageDiskReadTime.Collection](/images/Rule.png) | Avg. Disk sec/Read (Universal Linux) | Collection rule for the performance counter Physical Disk\Avg. Disk sec/Read | Microsoft.Linux.Universal.PhysicalDisk.AverageDiskReadTime.Collection | Microsoft.Linux.Universal.PhysicalDisk | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.Universal.PhysicalDisk.AverageDiskTransferTime.Collection](/images/Rule.png) | Avg. Disk sec/Transfer (Universal Linux) | Collection rule for the performance counter Physical Disk\Avg. Disk sec/Transfer | Microsoft.Linux.Universal.PhysicalDisk.AverageDiskTransferTime.Collection | Microsoft.Linux.Universal.PhysicalDisk | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.Universal.PhysicalDisk.AverageDiskWriteTime.Collection](/images/Rule.png) | Avg. Disk sec/Write (Universal Linux) | Collection rule for the performance counter Physical Disk\Avg. Disk sec/Write | Microsoft.Linux.Universal.PhysicalDisk.AverageDiskWriteTime.Collection | Microsoft.Linux.Universal.PhysicalDisk | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.Universal.PhysicalDisk.DiskBytesPerSecond.Collection](/images/Rule.png) | Physical Disk Bytes/sec (Universal Linux) | Collection rule for the performance counter Physical Disk\Disk Bytes/sec | Microsoft.Linux.Universal.PhysicalDisk.DiskBytesPerSecond.Collection | Microsoft.Linux.Universal.PhysicalDisk | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.Universal.Processor.PercentIdleTime.Collection](/images/Rule.png) | Processor \% Idle Time (Universal Linux) | Collects the performance counter Processor\\% Idle Time | Microsoft.Linux.Universal.Processor.PercentIdleTime.Collection | Microsoft.Linux.Universal.Processor | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.Universal.Processor.PercentNiceTime.Collection](/images/Rule.png) | Processor \% Nice Time (Universal Linux) | Collects the performance counter Processor\\% Nice Time | Microsoft.Linux.Universal.Processor.PercentNiceTime.Collection | Microsoft.Linux.Universal.Processor | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.Universal.Processor.PercentPrivilegedTime.Collection](/images/Rule.png) | Processor \% Privileged Time (Universal Linux) | Collects the performance counter Processor\\% Privileged Time | Microsoft.Linux.Universal.Processor.PercentPrivilegedTime.Collection | Microsoft.Linux.Universal.Processor | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.Universal.Processor.PercentProcessorTime.Collection](/images/Rule.png) | Processor \% Time (Universal Linux) | Collects the performance counter Processor\\% Processor Time | Microsoft.Linux.Universal.Processor.PercentProcessorTime.Collection | Microsoft.Linux.Universal.Processor | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.Universal.Processor.PercentUserTime.Collection](/images/Rule.png) | Processor \% User Time (Universal Linux) | Collects the performance counter Processor\\% User Time | Microsoft.Linux.Universal.Processor.PercentUserTime.Collection | Microsoft.Linux.Universal.Processor | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.Universal.Processor.TotalPercentDPCTime.Collection](/images/Rule.png) | Processor \% DPC Time (Universal Linux) | Collects the performance counter Processor\\% DPC Time | Microsoft.Linux.Universal.Processor.TotalPercentDPCTime.Collection | Microsoft.Linux.Universal.Processor | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.Universal.Processor.TotalPercentInterruptTime.Collection](/images/Rule.png) | Processor \% Interrupt Time (Universal Linux) | Collects the performance counter Processor\\% Interrupt Time | Microsoft.Linux.Universal.Processor.TotalPercentInterruptTime.Collection | Microsoft.Linux.Universal.Processor | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |
![Microsoft.Linux.Universal.Processor.TotalPercentIOWaitTime.Collection](/images/Rule.png) | Processor \% IO Time (Universal Linux) | Collects the performance counter Processor\\% IO Wait Time | Microsoft.Linux.Universal.Processor.TotalPercentIOWaitTime.Collection | Microsoft.Linux.Universal.Processor | PerformanceCollection | True | | | 0 | 0 | | False | | | True | |