| | ID | Context | Target | Type | Property | Value | Category | Enforced |
|---|
 | Microsoft.AdvancedThreatAnalytics.1_8.Center.AbnormalBehaviorSuspiciousActivity.Override | Microsoft.AdvancedThreatAnalytics.1_8.Center | Microsoft.AdvancedThreatAnalytics.1_8.Center.AbnormalBehaviorSuspiciousActivity | RulePropertyOverride | Enabled | true | | False |
| Microsoft.AdvancedThreatAnalytics.1_8.Center.AbnormalProtocolSuspiciousActivity.Override | Microsoft.AdvancedThreatAnalytics.1_8.Center | Microsoft.AdvancedThreatAnalytics.1_8.Center.AbnormalProtocolSuspiciousActivity | RulePropertyOverride | Enabled | true | | False |
| Microsoft.AdvancedThreatAnalytics.1_8.Center.AbnormalSensitiveGroupMembershipChangeSuspiciousActivity.Override | Microsoft.AdvancedThreatAnalytics.1_8.Center | Microsoft.AdvancedThreatAnalytics.1_8.Center.AbnormalSensitiveGroupMembershipChangeSuspiciousActivity | RulePropertyOverride | Enabled | true | | False |
| Microsoft.AdvancedThreatAnalytics.1_8.Center.AbnormalVpnSuspiciousActivity.Override | Microsoft.AdvancedThreatAnalytics.1_8.Center | Microsoft.AdvancedThreatAnalytics.1_8.Center.AbnormalVpnSuspiciousActivity | RulePropertyOverride | Enabled | true | | False |
| Microsoft.AdvancedThreatAnalytics.1_8.Center.AccountEnumerationSuspiciousActivity.Override | Microsoft.AdvancedThreatAnalytics.1_8.Center | Microsoft.AdvancedThreatAnalytics.1_8.Center.AccountEnumerationSuspiciousActivity | RulePropertyOverride | Enabled | true | | False |
| Microsoft.AdvancedThreatAnalytics.1_8.Center.BruteForceSuspiciousActivity.Override | Microsoft.AdvancedThreatAnalytics.1_8.Center | Microsoft.AdvancedThreatAnalytics.1_8.Center.BruteForceSuspiciousActivity | RulePropertyOverride | Enabled | true | | False |
| Microsoft.AdvancedThreatAnalytics.1_8.Center.ComputerPreauthenticationFailedSuspiciousActivity.Override | Microsoft.AdvancedThreatAnalytics.1_8.Center | Microsoft.AdvancedThreatAnalytics.1_8.Center.ComputerPreauthenticationFailedSuspiciousActivity | RulePropertyOverride | Enabled | true | | False |
| Microsoft.AdvancedThreatAnalytics.1_8.Center.DirectoryServicesReplicationSuspiciousActivity.Override | Microsoft.AdvancedThreatAnalytics.1_8.Center | Microsoft.AdvancedThreatAnalytics.1_8.Center.DirectoryServicesReplicationSuspiciousActivity | RulePropertyOverride | Enabled | true | | False |
| Microsoft.AdvancedThreatAnalytics.1_8.Center.DnsReconnaissanceSuspiciousActivity.Override | Microsoft.AdvancedThreatAnalytics.1_8.Center | Microsoft.AdvancedThreatAnalytics.1_8.Center.DnsReconnaissanceSuspiciousActivity | RulePropertyOverride | Enabled | true | | False |
| Microsoft.AdvancedThreatAnalytics.1_8.Center.EncryptionDowngradeSuspiciousActivity.Override | Microsoft.AdvancedThreatAnalytics.1_8.Center | Microsoft.AdvancedThreatAnalytics.1_8.Center.EncryptionDowngradeSuspiciousActivity | RulePropertyOverride | Enabled | true | | False |
| Microsoft.AdvancedThreatAnalytics.1_8.Center.EnumerateSessionsSuspiciousActivity.Override | Microsoft.AdvancedThreatAnalytics.1_8.Center | Microsoft.AdvancedThreatAnalytics.1_8.Center.EnumerateSessionsSuspiciousActivity | RulePropertyOverride | Enabled | true | | False |
| Microsoft.AdvancedThreatAnalytics.1_8.Center.ForgedPacSuspiciousActivity.Override | Microsoft.AdvancedThreatAnalytics.1_8.Center | Microsoft.AdvancedThreatAnalytics.1_8.Center.ForgedPacSuspiciousActivity | RulePropertyOverride | Enabled | true | | False |
| Microsoft.AdvancedThreatAnalytics.1_8.Center.GoldenTicketSuspiciousActivity.Override | Microsoft.AdvancedThreatAnalytics.1_8.Center | Microsoft.AdvancedThreatAnalytics.1_8.Center.GoldenTicketSuspiciousActivity | RulePropertyOverride | Enabled | true | | False |
| Microsoft.AdvancedThreatAnalytics.1_8.Center.HoneytokenActivitySuspiciousActivity.Override | Microsoft.AdvancedThreatAnalytics.1_8.Center | Microsoft.AdvancedThreatAnalytics.1_8.Center.HoneytokenActivitySuspiciousActivity | RulePropertyOverride | Enabled | true | | False |
| Microsoft.AdvancedThreatAnalytics.1_8.Center.LdapBruteForceSuspiciousActivity.Override | Microsoft.AdvancedThreatAnalytics.1_8.Center | Microsoft.AdvancedThreatAnalytics.1_8.Center.LdapBruteForceSuspiciousActivity | RulePropertyOverride | Enabled | true | | False |
| Microsoft.AdvancedThreatAnalytics.1_8.Center.LdapCleartextPasswordSuspiciousActivity.Override | Microsoft.AdvancedThreatAnalytics.1_8.Center | Microsoft.AdvancedThreatAnalytics.1_8.Center.LdapCleartextPasswordSuspiciousActivity | RulePropertyOverride | Enabled | true | | False |
| Microsoft.AdvancedThreatAnalytics.1_8.Center.MassiveObjectDeletionSuspiciousActivity.Override | Microsoft.AdvancedThreatAnalytics.1_8.Center | Microsoft.AdvancedThreatAnalytics.1_8.Center.MassiveObjectDeletionSuspiciousActivity | RulePropertyOverride | Enabled | true | | False |
| Microsoft.AdvancedThreatAnalytics.1_8.Center.PassTheHashSuspiciousActivity.Override | Microsoft.AdvancedThreatAnalytics.1_8.Center | Microsoft.AdvancedThreatAnalytics.1_8.Center.PassTheHashSuspiciousActivity | RulePropertyOverride | Enabled | true | | False |
| Microsoft.AdvancedThreatAnalytics.1_8.Center.PassTheTicketSuspiciousActivity.Override | Microsoft.AdvancedThreatAnalytics.1_8.Center | Microsoft.AdvancedThreatAnalytics.1_8.Center.PassTheTicketSuspiciousActivity | RulePropertyOverride | Enabled | true | | False |
| Microsoft.AdvancedThreatAnalytics.1_8.Center.RemoteExecutionSuspiciousActivity.Override | Microsoft.AdvancedThreatAnalytics.1_8.Center | Microsoft.AdvancedThreatAnalytics.1_8.Center.RemoteExecutionSuspiciousActivity | RulePropertyOverride | Enabled | true | | False |
| Microsoft.AdvancedThreatAnalytics.1_8.Center.RetrieveDataProtectionBackupKeySuspiciousActivity.Override | Microsoft.AdvancedThreatAnalytics.1_8.Center | Microsoft.AdvancedThreatAnalytics.1_8.Center.RetrieveDataProtectionBackupKeySuspiciousActivity | RulePropertyOverride | Enabled | true | | False |
| Microsoft.AdvancedThreatAnalytics.1_8.Center.SamrReconnaissanceSuspiciousActivity.Override | Microsoft.AdvancedThreatAnalytics.1_8.Center | Microsoft.AdvancedThreatAnalytics.1_8.Center.SamrReconnaissanceSuspiciousActivity | RulePropertyOverride | Enabled | true | | False |
Home