Obs/bin/GMA/Monitoring/Agent/initconfig/2.0/Standard/AsmCountersOffline-Content.xml

<?xml version="1.0" encoding="utf-8"?>
<MonitoringManagement version="1.0" timestamp="2023-06-08T00:58:42.4731192Z">
  <!-- Autogenerated version comment - DO NOT REMOVE: AzSecPackShipVersion=4.27.0.4 -->
  <!-- Autogenerated version comment - DO NOT REMOVE: AzSecPackShipVersion=4.3.3.9 -->
  <Events>
    <CounterSets storeType="Local">
      <!--
        Samples the Windows performance counters listed below every 10 seconds
        (sampleRateInSeconds) into a local store under the event name
        AsmScannerCounter. The DerivedEvent with source="AsmScannerCounter"
        later in this file aggregates these samples.

        Coverage is not uniform across processes. Every process gets the same
        13 CPU, IO, pool and memory counters, but "Handle Count" is collected
        only for UserGroupScanner, SecurityScanMgr, EventDrivenScanner, MsSense
        and NetworkSecurityScanner, and "Elapsed Time" only for
        NetworkSecurityScanner.
        NOTE(review): confirm the omissions are intentional; a handle leak in
        the other processes would not show up in this data.

        NOTE(review): each path names a single Process instance. Windows
        normally exposes additional instances of the same image as name#1,
        name#2, and so on, and this list would not sample those. Confirm that
        each process runs as a single instance.

        NOTE(review): the process names suggest these are security scanner and
        sensor processes. If so, a missing series for a process that should be
        running is a coverage gap worth alerting on downstream, not just a
        quiet period.
      -->
      <CounterSet eventName="AsmScannerCounter" sampleRateInSeconds="10">
        <Counter>\Process(UserGroupScanner)\% Processor Time</Counter>
        <Counter>\Process(UserGroupScanner)\IO Data Bytes/sec</Counter>
        <Counter>\Process(UserGroupScanner)\IO Data Operations/sec</Counter>
        <Counter>\Process(UserGroupScanner)\IO Read Bytes/sec</Counter>
        <Counter>\Process(UserGroupScanner)\IO Read Operations/sec</Counter>
        <Counter>\Process(UserGroupScanner)\IO Write Bytes/sec</Counter>
        <Counter>\Process(UserGroupScanner)\IO Write Operations/sec</Counter>
        <Counter>\Process(UserGroupScanner)\Pool Nonpaged Bytes</Counter>
        <Counter>\Process(UserGroupScanner)\Pool Paged Bytes</Counter>
        <Counter>\Process(UserGroupScanner)\Virtual Bytes</Counter>
        <Counter>\Process(UserGroupScanner)\Working Set</Counter>
        <Counter>\Process(UserGroupScanner)\Working Set Peak</Counter>
        <Counter>\Process(UserGroupScanner)\Private Bytes</Counter>
        <Counter>\Process(UserGroupScanner)\Handle Count</Counter>
        <Counter>\Process(AsmBaselineScanner)\% Processor Time</Counter>
        <Counter>\Process(AsmBaselineScanner)\IO Data Bytes/sec</Counter>
        <Counter>\Process(AsmBaselineScanner)\IO Data Operations/sec</Counter>
        <Counter>\Process(AsmBaselineScanner)\IO Read Bytes/sec</Counter>
        <Counter>\Process(AsmBaselineScanner)\IO Read Operations/sec</Counter>
        <Counter>\Process(AsmBaselineScanner)\IO Write Bytes/sec</Counter>
        <Counter>\Process(AsmBaselineScanner)\IO Write Operations/sec</Counter>
        <Counter>\Process(AsmBaselineScanner)\Pool Nonpaged Bytes</Counter>
        <Counter>\Process(AsmBaselineScanner)\Pool Paged Bytes</Counter>
        <Counter>\Process(AsmBaselineScanner)\Virtual Bytes</Counter>
        <Counter>\Process(AsmBaselineScanner)\Working Set</Counter>
        <Counter>\Process(AsmBaselineScanner)\Working Set Peak</Counter>
        <Counter>\Process(AsmBaselineScanner)\Private Bytes</Counter>
        <Counter>\Process(SecurityScanMgr)\% Processor Time</Counter>
        <Counter>\Process(SecurityScanMgr)\IO Data Bytes/sec</Counter>
        <Counter>\Process(SecurityScanMgr)\IO Data Operations/sec</Counter>
        <Counter>\Process(SecurityScanMgr)\IO Read Bytes/sec</Counter>
        <Counter>\Process(SecurityScanMgr)\IO Read Operations/sec</Counter>
        <Counter>\Process(SecurityScanMgr)\IO Write Bytes/sec</Counter>
        <Counter>\Process(SecurityScanMgr)\IO Write Operations/sec</Counter>
        <Counter>\Process(SecurityScanMgr)\Pool Nonpaged Bytes</Counter>
        <Counter>\Process(SecurityScanMgr)\Pool Paged Bytes</Counter>
        <Counter>\Process(SecurityScanMgr)\Virtual Bytes</Counter>
        <Counter>\Process(SecurityScanMgr)\Working Set</Counter>
        <Counter>\Process(SecurityScanMgr)\Working Set Peak</Counter>
        <Counter>\Process(SecurityScanMgr)\Private Bytes</Counter>
        <Counter>\Process(SecurityScanMgr)\Handle Count</Counter>
        <Counter>\Process(SWinventoryScanner)\% Processor Time</Counter>
        <Counter>\Process(SWinventoryScanner)\IO Data Bytes/sec</Counter>
        <Counter>\Process(SWinventoryScanner)\IO Data Operations/sec</Counter>
        <Counter>\Process(SWinventoryScanner)\IO Read Bytes/sec</Counter>
        <Counter>\Process(SWinventoryScanner)\IO Read Operations/sec</Counter>
        <Counter>\Process(SWinventoryScanner)\IO Write Bytes/sec</Counter>
        <Counter>\Process(SWinventoryScanner)\IO Write Operations/sec</Counter>
        <Counter>\Process(SWinventoryScanner)\Pool Nonpaged Bytes</Counter>
        <Counter>\Process(SWinventoryScanner)\Pool Paged Bytes</Counter>
        <Counter>\Process(SWinventoryScanner)\Virtual Bytes</Counter>
        <Counter>\Process(SWinventoryScanner)\Working Set</Counter>
        <Counter>\Process(SWinventoryScanner)\Working Set Peak</Counter>
        <Counter>\Process(SWinventoryScanner)\Private Bytes</Counter>
        <Counter>\Process(EventDrivenScanner)\% Processor Time</Counter>
        <Counter>\Process(EventDrivenScanner)\IO Data Bytes/sec</Counter>
        <Counter>\Process(EventDrivenScanner)\IO Data Operations/sec</Counter>
        <Counter>\Process(EventDrivenScanner)\IO Read Bytes/sec</Counter>
        <Counter>\Process(EventDrivenScanner)\IO Read Operations/sec</Counter>
        <Counter>\Process(EventDrivenScanner)\IO Write Bytes/sec</Counter>
        <Counter>\Process(EventDrivenScanner)\IO Write Operations/sec</Counter>
        <Counter>\Process(EventDrivenScanner)\Pool Nonpaged Bytes</Counter>
        <Counter>\Process(EventDrivenScanner)\Pool Paged Bytes</Counter>
        <Counter>\Process(EventDrivenScanner)\Virtual Bytes</Counter>
        <Counter>\Process(EventDrivenScanner)\Working Set</Counter>
        <Counter>\Process(EventDrivenScanner)\Working Set Peak</Counter>
        <Counter>\Process(EventDrivenScanner)\Private Bytes</Counter>
        <Counter>\Process(EventDrivenScanner)\Handle Count</Counter>
        <Counter>\Process(NetIsoScanner)\% Processor Time</Counter>
        <Counter>\Process(NetIsoScanner)\IO Data Bytes/sec</Counter>
        <Counter>\Process(NetIsoScanner)\IO Data Operations/sec</Counter>
        <Counter>\Process(NetIsoScanner)\IO Read Bytes/sec</Counter>
        <Counter>\Process(NetIsoScanner)\IO Read Operations/sec</Counter>
        <Counter>\Process(NetIsoScanner)\IO Write Bytes/sec</Counter>
        <Counter>\Process(NetIsoScanner)\IO Write Operations/sec</Counter>
        <Counter>\Process(NetIsoScanner)\Pool Nonpaged Bytes</Counter>
        <Counter>\Process(NetIsoScanner)\Pool Paged Bytes</Counter>
        <Counter>\Process(NetIsoScanner)\Virtual Bytes</Counter>
        <Counter>\Process(NetIsoScanner)\Working Set</Counter>
        <Counter>\Process(NetIsoScanner)\Working Set Peak</Counter>
        <Counter>\Process(NetIsoScanner)\Private Bytes</Counter>
        <Counter>\Process(MsSenseS)\% Processor Time</Counter>
        <Counter>\Process(MsSenseS)\IO Data Bytes/sec</Counter>
        <Counter>\Process(MsSenseS)\IO Data Operations/sec</Counter>
        <Counter>\Process(MsSenseS)\IO Read Bytes/sec</Counter>
        <Counter>\Process(MsSenseS)\IO Read Operations/sec</Counter>
        <Counter>\Process(MsSenseS)\IO Write Bytes/sec</Counter>
        <Counter>\Process(MsSenseS)\IO Write Operations/sec</Counter>
        <Counter>\Process(MsSenseS)\Pool Nonpaged Bytes</Counter>
        <Counter>\Process(MsSenseS)\Pool Paged Bytes</Counter>
        <Counter>\Process(MsSenseS)\Virtual Bytes</Counter>
        <Counter>\Process(MsSenseS)\Working Set</Counter>
        <Counter>\Process(MsSenseS)\Working Set Peak</Counter>
        <Counter>\Process(MsSenseS)\Private Bytes</Counter>
        <Counter>\Process(MsSense)\% Processor Time</Counter>
        <Counter>\Process(MsSense)\IO Data Bytes/sec</Counter>
        <Counter>\Process(MsSense)\IO Data Operations/sec</Counter>
        <Counter>\Process(MsSense)\IO Read Bytes/sec</Counter>
        <Counter>\Process(MsSense)\IO Read Operations/sec</Counter>
        <Counter>\Process(MsSense)\IO Write Bytes/sec</Counter>
        <Counter>\Process(MsSense)\IO Write Operations/sec</Counter>
        <Counter>\Process(MsSense)\Pool Nonpaged Bytes</Counter>
        <Counter>\Process(MsSense)\Pool Paged Bytes</Counter>
        <Counter>\Process(MsSense)\Virtual Bytes</Counter>
        <Counter>\Process(MsSense)\Working Set</Counter>
        <Counter>\Process(MsSense)\Working Set Peak</Counter>
        <Counter>\Process(MsSense)\Private Bytes</Counter>
        <Counter>\Process(MsSense)\Handle Count</Counter>
        <Counter>\Process(NetworkSecurityScanner)\% Processor Time</Counter>
        <Counter>\Process(NetworkSecurityScanner)\IO Data Bytes/sec</Counter>
        <Counter>\Process(NetworkSecurityScanner)\IO Data Operations/sec</Counter>
        <Counter>\Process(NetworkSecurityScanner)\IO Read Bytes/sec</Counter>
        <Counter>\Process(NetworkSecurityScanner)\IO Read Operations/sec</Counter>
        <Counter>\Process(NetworkSecurityScanner)\IO Write Bytes/sec</Counter>
        <Counter>\Process(NetworkSecurityScanner)\IO Write Operations/sec</Counter>
        <Counter>\Process(NetworkSecurityScanner)\Pool Nonpaged Bytes</Counter>
        <Counter>\Process(NetworkSecurityScanner)\Pool Paged Bytes</Counter>
        <Counter>\Process(NetworkSecurityScanner)\Virtual Bytes</Counter>
        <Counter>\Process(NetworkSecurityScanner)\Working Set</Counter>
        <Counter>\Process(NetworkSecurityScanner)\Working Set Peak</Counter>
        <Counter>\Process(NetworkSecurityScanner)\Private Bytes</Counter>
        <Counter>\Process(NetworkSecurityScanner)\Handle Count</Counter>
        <Counter>\Process(NetworkSecurityScanner)\Elapsed Time</Counter>
        <!--
          Health of the AzSecPack-NetSecMon-TraceSession ETW session. These are
          the only counters in this set that are not per-process.
          NOTE(review): a non-zero "Events Lost" value means the session
          dropped events, so whatever consumes this trace has gaps for that
          window. Consider alerting on it and not only charting it.
        -->
        <Counter>\Event Tracing for Windows Session(AzSecPack-NetSecMon-TraceSession)\Number of Real-Time Consumers</Counter>
        <Counter>\Event Tracing for Windows Session(AzSecPack-NetSecMon-TraceSession)\Events Lost</Counter>
        <Counter>\Event Tracing for Windows Session(AzSecPack-NetSecMon-TraceSession)\Events Logged per Sec</Counter>
        <Counter>\Event Tracing for Windows Session(AzSecPack-NetSecMon-TraceSession)\Buffer Memory Usage -- Non-Paged Pool</Counter>
        <Counter>\Event Tracing for Windows Session(AzSecPack-NetSecMon-TraceSession)\Buffer Memory Usage -- Paged Pool</Counter>
        <Counter>\Process(PILauncher)\% Processor Time</Counter>
        <Counter>\Process(PILauncher)\IO Data Bytes/sec</Counter>
        <Counter>\Process(PILauncher)\IO Data Operations/sec</Counter>
        <Counter>\Process(PILauncher)\IO Read Bytes/sec</Counter>
        <Counter>\Process(PILauncher)\IO Read Operations/sec</Counter>
        <Counter>\Process(PILauncher)\IO Write Bytes/sec</Counter>
        <Counter>\Process(PILauncher)\IO Write Operations/sec</Counter>
        <Counter>\Process(PILauncher)\Pool Nonpaged Bytes</Counter>
        <Counter>\Process(PILauncher)\Pool Paged Bytes</Counter>
        <Counter>\Process(PILauncher)\Virtual Bytes</Counter>
        <Counter>\Process(PILauncher)\Working Set</Counter>
        <Counter>\Process(PILauncher)\Working Set Peak</Counter>
        <Counter>\Process(PILauncher)\Private Bytes</Counter>
        <Counter>\Process(ShavaVulnScan)\% Processor Time</Counter>
        <Counter>\Process(ShavaVulnScan)\IO Data Bytes/sec</Counter>
        <Counter>\Process(ShavaVulnScan)\IO Data Operations/sec</Counter>
        <Counter>\Process(ShavaVulnScan)\IO Read Bytes/sec</Counter>
        <Counter>\Process(ShavaVulnScan)\IO Read Operations/sec</Counter>
        <Counter>\Process(ShavaVulnScan)\IO Write Bytes/sec</Counter>
        <Counter>\Process(ShavaVulnScan)\IO Write Operations/sec</Counter>
        <Counter>\Process(ShavaVulnScan)\Pool Nonpaged Bytes</Counter>
        <Counter>\Process(ShavaVulnScan)\Pool Paged Bytes</Counter>
        <Counter>\Process(ShavaVulnScan)\Virtual Bytes</Counter>
        <Counter>\Process(ShavaVulnScan)\Working Set</Counter>
        <Counter>\Process(ShavaVulnScan)\Working Set Peak</Counter>
        <Counter>\Process(ShavaVulnScan)\Private Bytes</Counter>
        <Counter>\Process(AzQualysScanCommand)\% Processor Time</Counter>
        <Counter>\Process(AzQualysScanCommand)\IO Data Bytes/sec</Counter>
        <Counter>\Process(AzQualysScanCommand)\IO Data Operations/sec</Counter>
        <Counter>\Process(AzQualysScanCommand)\IO Read Bytes/sec</Counter>
        <Counter>\Process(AzQualysScanCommand)\IO Read Operations/sec</Counter>
        <Counter>\Process(AzQualysScanCommand)\IO Write Bytes/sec</Counter>
        <Counter>\Process(AzQualysScanCommand)\IO Write Operations/sec</Counter>
        <Counter>\Process(AzQualysScanCommand)\Pool Nonpaged Bytes</Counter>
        <Counter>\Process(AzQualysScanCommand)\Pool Paged Bytes</Counter>
        <Counter>\Process(AzQualysScanCommand)\Virtual Bytes</Counter>
        <Counter>\Process(AzQualysScanCommand)\Working Set</Counter>
        <Counter>\Process(AzQualysScanCommand)\Working Set Peak</Counter>
        <Counter>\Process(AzQualysScanCommand)\Private Bytes</Counter>
        <Counter>\Process(HNSContainerTelemetryScanner)\% Processor Time</Counter>
        <Counter>\Process(HNSContainerTelemetryScanner)\IO Data Bytes/sec</Counter>
        <Counter>\Process(HNSContainerTelemetryScanner)\IO Data Operations/sec</Counter>
        <Counter>\Process(HNSContainerTelemetryScanner)\IO Read Bytes/sec</Counter>
        <Counter>\Process(HNSContainerTelemetryScanner)\IO Read Operations/sec</Counter>
        <Counter>\Process(HNSContainerTelemetryScanner)\IO Write Bytes/sec</Counter>
        <Counter>\Process(HNSContainerTelemetryScanner)\IO Write Operations/sec</Counter>
        <Counter>\Process(HNSContainerTelemetryScanner)\Pool Nonpaged Bytes</Counter>
        <Counter>\Process(HNSContainerTelemetryScanner)\Pool Paged Bytes</Counter>
        <Counter>\Process(HNSContainerTelemetryScanner)\Virtual Bytes</Counter>
        <Counter>\Process(HNSContainerTelemetryScanner)\Working Set</Counter>
        <Counter>\Process(HNSContainerTelemetryScanner)\Working Set Peak</Counter>
        <Counter>\Process(HNSContainerTelemetryScanner)\Private Bytes</Counter>
      </CounterSet>
    </CounterSets>
    <DerivedEvents>
      <!--
        Rolls up the locally stored AsmScannerCounter samples into the event
        AsmSecPackCntr. Per the attributes below it uses a PT15M (15 minute)
        duration, runs locally (whereToRun="Local"), and targets account
        AzSecurityStore with storeType="CentralBond", retentionInDays="30" and
        retryTimeout="PT1H".

        The query groups by Identity() and CounterName and emits the sample
        count, average, minimum and maximum of CounterValue. It also adds
        identity columns read from environment variables: reporting and asset
        identity, VM id, service id, subscription id and computer name.
        ComputerName uses MA_COMPUTERNAME_FQDN and falls back to COMPUTERNAME
        when that variable is empty.

        NOTE(review): CounterValue is rebound to Average(CounterValue) before
        MinValue and MaxValue are declared. If the query engine resolves the
        later references to the rebound name, Min and Max collapse to the
        average. Confirm against the engine semantics or against stored rows.

        NOTE(review): NumberOfProcessors is read with GetEnvironmentVariable
        while every other variable uses GetStaticEnvironmentVariable. Confirm
        the difference is intended.

        NOTE(review): the identity columns come from the agent process
        environment, so downstream consumers should treat them as
        self-reported labels and not as authenticated identity. The rows carry
        subscription, VM and host identifiers, so read access to the
        destination store should be scoped accordingly.
      -->
      <DerivedEvent source="AsmScannerCounter" duration="PT15M" eventName="AsmSecPackCntr" account="AzSecurityStore" priority="Normal" retryTimeout="PT1H" storeType="CentralBond" whereToRun="Local" retentionInDays="30">
        <Query><![CDATA[
                  groupby Identity(), CounterName
                  let SampleCount=Count()
                  let CounterValue=Average(CounterValue)
                  let MinValue = Min(CounterValue)
                  let MaxValue = Max(CounterValue)
                  let NumberOfProcessors = GetEnvironmentVariable("NUMBER_OF_PROCESSORS")
                  let ReportingIdentity=GetStaticEnvironmentVariable("MA_HEARTBEAT_IDENTITY")
                  let AssetIdentity=GetStaticEnvironmentVariable("MA_AZURE_IDENTITY")
                  let CRPVMId=GetStaticEnvironmentVariable("MA_RoleEnvironment_VmId")
                  let ServiceId=GetStaticEnvironmentVariable("SERVICE_TREE_ID")
                  let SubscriptionId=GetStaticEnvironmentVariable("MA_RoleEnvironment_SubscriptionId")
                  let ComputerName=GetStaticEnvironmentVariable("MA_COMPUTERNAME_FQDN") == "" ? GetStaticEnvironmentVariable("COMPUTERNAME") : GetStaticEnvironmentVariable("MA_COMPUTERNAME_FQDN")
              ]]></Query>
      </DerivedEvent>
    </DerivedEvents>
  </Events>
</MonitoringManagement>