windows_performance_monitor.xml
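<!--
  Rules for Windows performance-counter samples that arrive as JSON events
  whose top-level key is "winCounter". Each rule reads winCounter.Path (the
  counter name) and, for the threshold rules, winCounter.CookedValue (the
  sampled value).

  Thresholds are string matches on CookedValue, not numeric comparisons, so
  every pattern must list all digit shapes it is meant to cover.

  NOTE(review): Wazuh documentation reserves IDs 100000 to 120000 for custom
  rules; confirm that 301000 to 303002 do not collide with other rule files
  in this deployment. IDs are left unchanged because child rules and any
  dashboards reference them.
-->
<group name="WinCounter,">

  <!-- Base rule: silent (level 0) parent for every winCounter JSON event. -->
  <rule id="301000" level="0">
    <decoded_as>json</decoded_as>
    <match>^{"winCounter":</match>
    <description>Windows Performance Counter: $(winCounter.Path)</description>
  </rule>

  <!-- Memory: available megabytes. -->
  <rule id="302000" level="3">
    <if_sid>301000</if_sid>
    <field name="winCounter.Path">memory\\available mbytes</field>
    <description>Windows Counter: Available Memory</description>
    <group>MEMUsage,</group>
  </rule>

  <!--
    Matches three-digit values 500 to 999. Values 1000 to 1023 MB are also
    below 1 GiB but are not matched by this pattern.
  -->
  <rule id="302001" level="5">
    <if_sid>302000</if_sid>
    <field name="winCounter.CookedValue" type="pcre2">^[5-9]\d\d$</field>
    <description>Windows Counter: Available Memory less than 1GB</description>
    <group>MEMUsage,</group>
  </rule>

  <!--
    Matches 0 to 499. The earlier pattern required exactly three digits, so a
    host with fewer than 100 MB available (the most severe case) raised no
    level 7 alert. The description unit is MB; the counter is in megabytes.
    Assumes CookedValue is serialized as a bare integer for this counter;
    TODO confirm against a sample event.
  -->
  <rule id="302002" level="7">
    <if_sid>302000</if_sid>
    <field name="winCounter.CookedValue" type="pcre2">^(?:[1-4]\d\d|\d{1,2})$</field>
    <description>Windows Counter: Available Memory less than 500MB</description>
    <group>MEMUsage,</group>
  </rule>

  <!-- Disk: free megabytes (no threshold rules defined here). -->
  <rule id="302003" level="3">
    <if_sid>301000</if_sid>
    <field name="winCounter.Path">free megabytes</field>
    <description>Windows Counter: Disk Space Free</description>
    <group>DiskFree,</group>
  </rule>

  <!-- Network: inbound bytes per second (no threshold rules defined here). -->
  <rule id="302004" level="3">
    <if_sid>301000</if_sid>
    <field name="winCounter.Path">bytes received/sec</field>
    <description>Windows Counter: Network Traffic In</description>
    <group>NetworkTrafficIn,</group>
  </rule>

  <!-- Network: outbound bytes per second (no threshold rules defined here). -->
  <rule id="302005" level="3">
    <if_sid>301000</if_sid>
    <field name="winCounter.Path">bytes sent/sec</field>
    <description>Windows Counter: Network Traffic Out</description>
    <group>NetworkTrafficOut,</group>
  </rule>

  <!-- CPU: processor time percentage. -->
  <rule id="303000" level="3">
    <if_sid>301000</if_sid>
    <field name="winCounter.Path">processor\S+ processor time</field>
    <description>Windows Counter: CPU Usage</description>
    <group>CPUUsage,</group>
  </rule>

  <!--
    Matches 80 up to, but not including, 90. The fractional part is optional
    so a sample serialized without decimals still matches.
  -->
  <rule id="303001" level="5">
    <if_sid>303000</if_sid>
    <field name="winCounter.CookedValue" type="pcre2">^8\d(?:\.\d+)?$</field>
    <description>Windows Counter: CPU Usage above 80%</description>
    <group>CPUUsage,</group>
  </rule>

  <!--
    Matches 90 through 100. The earlier pattern accepted only two integer
    digits followed by a fraction, so a fully saturated CPU reporting 100
    raised no level 7 alert.
  -->
  <rule id="303002" level="7">
    <if_sid>303000</if_sid>
    <field name="winCounter.CookedValue" type="pcre2">^(?:9\d|100)(?:\.\d+)?$</field>
    <description>Windows Counter CPU Usage above 90%</description>
    <group>CPUUsage,</group>
  </rule>

</group>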