| AIE Rule ID | AIE Rule Name | AIE Rule Brief Description |
|---|
| 1378 | IT Ops: Crit System Shutdown | Monitors for system shutdowns that are not followed by startup activity. Must be tuned to select "always on" hosts and for appropriate timeframe for system to startup after shutdown activity. |
| 1379 | IT Ops: Crit Service Stopped | Rule observes for service stop events that are not followed by service start events. |
| 1380 | IT Ops: Crit Win Service Failed To Recover | Rule looking for Windows services which attempt to recover, but fail. |
| 1381 | IT Ops: Crit Backup Failure | Monitors for failed backup events. |
| 1441 | IT Ops: Crit Application Config Change | Observes for changes to critical application configurations. |
| 1442 | IT Ops: Crit Database Config Change | Monitors for changes to critical database configurations. |
| 1443 | IT Ops: Crit Dir. Services Config Change | Monitors for changes to critical directory services configurations. |
| 1444 | IT Ops: Crit Net Access Config Change | Monitors for changes to critical network access configurations. |
| 1445 | IT Ops: Crit Security Config Change | Monitors for changes to critical security configurations. |
| 1446 | IT Ops: Crit System Config Change | Monitors for changes to critical system configurations. |
| 1447 | IT Ops: Win Application Error Tracking | Rule tracks windows application errors that exceed a normal level. |
| 1448 | IT Ops: Possible Bad Win Update : App Error | Rule watches for Windows Application Error Tracking trend rule firing following Windows Updates being installed. Rule fires alarm if a higher incidence of application errors have occurred. |
| 1451 | IT Ops: Possible Bad Win Update : Sys Crash | Rule watches for a Windows crash dump log following Windows Updates being installed. |
| 1458 | IT Ops: Slow Web Server Response Times | Rule observes for slow web server response times. |
| 1470 | IT Ops: PerfMon: Proc Time Thrshld Exceeded | Rule observes for 20 or more threshold exceeded alarms within 6 minutes from Windows PerfMon for % Processor Time counter. |
| 1471 | IT Ops: PerfMon: Low Free Disk Space | Rule observes for low disk space alerts from Windows PerfMon counters. |
| 1472 | IT Ops: Nagios: Sys Offline Attribution | Observes for several critical, warning, or error events followed by Nagios detecting a host hard down status. |
| 1473 | IT Ops: Nagios: Sys Off Following Win Update | Observes for successful Windows Update install followed by Nagios event indicating a system is down. |
| 1474 | IT Ops: PerfMon: Dsk % Idle Time Blw Thrshld | Monitors for low disk idle time from Performance Monitor. |
| 1476 | IT Ops: Nagios: Service State Offline | Rule observes for hard service state down or critical from Nagios. |
| 1485 | IT Ops: Nagios: Sys Offline Following Change | Observes for configuration change followed by Nagios detecting a host hard down status. |
| 1486 | IT Ops: VMWare: RAM Disk Full | Observes for specific logging activity indicative of a full RAM Disk. |
| 1597 | IT Ops: LogRhythm Lifecycle Controller | Rule to event on LogRhythm Lifecycle Controller logs. |
