PS2016
| DisplayName | Type | Description |
|---|---|---|
| AlertRule-PS-2016-1 | Log | Ensure the server is accessible. |
| AlertRule-PS-2016-2 | Log | Manually install the color profile. |
| AlertRule-PS-2016-3 | Log | Retry printing or restart the print server. |
| AlertRule-PS-2016-4 | Log | Install the Printer Driver. |
| AlertRule-PS-2016-5 | Log | Restart the print spooler fix sharing problems and check Group Policy. |
| AlertRule-PS-2016-6 | Log | Restart the print spooler and unshare the printer. |
| AlertRule-PS-2016-7 | Log | Update the printer driver. |
| AlertRule-PS-2016-8 | Log | Check Group Policy and network connectivity. |
| AlertRule-PS-2016-9 | Log | Try again or install an updated printer driver. |
| AlertRule-PS-2016-10 | Log | Check network connectivity and Group Policy. |
| AlertRule-PS-2016-11 | Log | Check resource availability. |
| Property | Value |
|---|---|
| Severity | 2 |
| Enabled | True |
| AutoMitigate | True |
| EvaluationFrequency | PT15M |
| WindowSize | PT15M |
| Type | rows |
| Query | Event | where EventID in (83) and EventLog == ‘Microsoft-Windows-PrintService/Admin’ and (Source == ‘Microsoft-Windows-PrintBRM’ or Source == ‘PrintBrm’) |
| Threshold | N/A |
| xPathQuery | Microsoft-Windows-PrintService/Admin!*[System[(EventID=83) and (Provider[@Name=‘Microsoft-Windows-PrintBRM’ or @Name=‘PrintBrm’])]] |
| Property | Value |
|---|---|
| Severity | 2 |
| Enabled | True |
| AutoMitigate | True |
| EvaluationFrequency | PT15M |
| WindowSize | PT15M |
| Type | rows |
| Query | Event | where EventID in (360) and EventLog == ‘Microsoft-Windows-PrintService/Admin’ and Source == ‘Microsoft-Windows-PrintService’ |
| Threshold | N/A |
| xPathQuery | Microsoft-Windows-PrintService/Admin!*[System[(EventID=360) and (Provider[@Name=‘Microsoft-Windows-PrintService’])]] |
| Property | Value |
|---|---|
| Severity | 2 |
| Enabled | True |
| AutoMitigate | True |
| EvaluationFrequency | PT15M |
| WindowSize | PT15M |
| Type | rows |
| Query | Event | where EventID in (701,702,703,704) and EventLog == ‘Microsoft-Windows-PrintService/Operational!*’ and Source == ‘Microsoft-Windows-PrintService’ |
| Threshold | N/A |
| xPathQuery | Microsoft-Windows-PrintService/Operational!*[System[(EventID=701 or EventID=702 or EventID=703 or EventID=704) and (Provider[@Name=‘Microsoft-Windows-PrintService’])]] |
| Property | Value |
|---|---|
| Severity | 2 |
| Enabled | True |
| AutoMitigate | True |
| EvaluationFrequency | PT15M |
| WindowSize | PT15M |
| Type | rows |
| Query | Event | where EventID in (364,365,367) and EventLog == ‘Microsoft-Windows-PrintService/Admin’ and Source == ‘Microsoft-Windows-PrintService’ |
| Threshold | N/A |
| xPathQuery | Microsoft-Windows-PrintService/Admin!*[System[(EventID=364 or EventID=365 or EventID=367) and (Provider[@Name=‘Microsoft-Windows-PrintService’])]] |
| Property | Value |
|---|---|
| Severity | 2 |
| Enabled | True |
| AutoMitigate | True |
| EvaluationFrequency | PT15M |
| WindowSize | PT15M |
| Type | rows |
| Query | Event | where EventID in (315) and EventLog == ‘Microsoft-Windows-PrintService/Admin’ and Source == ‘Microsoft-Windows-PrintService’ |
| Threshold | N/A |
| xPathQuery | Microsoft-Windows-PrintService/Admin!*[System[(EventID=315) and (Provider[@Name=‘Microsoft-Windows-PrintService’])]] |
| Property | Value |
|---|---|
| Severity | 2 |
| Enabled | True |
| AutoMitigate | True |
| EvaluationFrequency | PT15M |
| WindowSize | PT15M |
| Type | rows |
| Query | Event | where EventID in (371) and EventLog == ‘Microsoft-Windows-PrintService/Admin’ and Source == ‘Microsoft-Windows-PrintService’ |
| Threshold | N/A |
| xPathQuery | Microsoft-Windows-PrintService/Admin!*[System[(EventID=371) and (Provider[@Name=‘Microsoft-Windows-PrintService’])]] |
| Property | Value |
|---|---|
| Severity | 2 |
| Enabled | True |
| AutoMitigate | True |
| EvaluationFrequency | PT15M |
| WindowSize | PT15M |
| Type | rows |
| Query | Event | where EventID in (356) and EventLog == ‘Microsoft-Windows-PrintService/Admin’ and Source == ‘Microsoft-Windows-PrintService’ |
| Threshold | N/A |
| xPathQuery | Microsoft-Windows-PrintService/Admin!*[System[(EventID=356) and (Provider[@Name=‘Microsoft-Windows-PrintService’])]] |
| Property | Value |
|---|---|
| Severity | 2 |
| Enabled | True |
| AutoMitigate | True |
| EvaluationFrequency | PT15M |
| WindowSize | PT15M |
| Type | rows |
| Query | Event | where EventID in (513,514) and EventLog == ‘Microsoft-Windows-PrintService/Admin’ and Source == ‘Microsoft-Windows-PrintService’ |
| Threshold | N/A |
| xPathQuery | Microsoft-Windows-PrintService/Admin!*[System[(EventID=513 or EventID=514) and (Provider[@Name=‘Microsoft-Windows-PrintService’])]] |
| Property | Value |
|---|---|
| Severity | 2 |
| Enabled | True |
| AutoMitigate | True |
| EvaluationFrequency | PT15M |
| WindowSize | PT15M |
| Type | rows |
| Query | Event | where EventID in (600,601) and EventLog == ‘Microsoft-Windows-PrintService/Admin’ and Source == ‘Microsoft-Windows-PrintService’ |
| Threshold | N/A |
| xPathQuery | Microsoft-Windows-PrintService/Admin!*[System[(EventID=600 or EventID=601) and (Provider[@Name=‘Microsoft-Windows-PrintService’])]] |
| Property | Value |
|---|---|
| Severity | 2 |
| Enabled | True |
| AutoMitigate | True |
| EvaluationFrequency | PT15M |
| WindowSize | PT15M |
| Type | rows |
| Query | Event | where EventID in (515,516,517,518,519,520) and EventLog == ‘Microsoft-Windows-PrintService/Admin’ and Source == ‘Microsoft-Windows-PrintService’ |
| Threshold | N/A |
| xPathQuery | Microsoft-Windows-PrintService/Admin!*[System[(EventID=515 or EventID=516 or EventID=517 or EventID=518 or EventID=519 or EventID=520) and (Provider[@Name=‘Microsoft-Windows-PrintService’])]] |
| Property | Value |
|---|---|
| Severity | 2 |
| Enabled | True |
| AutoMitigate | True |
| EvaluationFrequency | PT15M |
| WindowSize | PT15M |
| Type | rows |
| Query | Event | where EventID in (502,503,504,505,506,507,508,509,510,511,512) and EventLog == ‘Microsoft-Windows-PrintService/Admin’ and Source == ‘Microsoft-Windows-PrintService’ |
| Threshold | N/A |
| xPathQuery | Microsoft-Windows-PrintService/Admin!*[System[(EventID=502 or EventID=503 or EventID=504 or EventID=505 or EventID=506 or EventID=507 or EventID=508 or EventID=509 or EventID=510 or EventID=511 or EventID=512) and (Provider[@Name=‘Microsoft-Windows-PrintService’])]] |
| Performance Counter |
|---|
| \Print Queue(_Total)\Jobs |
| \Print Queue(_Total)\Jobs Spooling |
| \Print Queue(_Total)\Total Jobs Printed |
| \Print Queue(_Total)\Total Pages Printed |