8 files changed, 323 insertions, 0 deletions

diff --git a/health/guides/windows/windows_10min_cpu_usage.md b/health/guides/windows/windows_10min_cpu_usage.md
new file mode 100644
index 000000000..5b585c714
--- /dev/null
+++ b/health/guides/windows/windows_10min_cpu_usage.md
@@ -0,0 +1,36 @@
+### Understand the alert
+
+This alert calculates the average total `CPU utilization` on a Windows system over the last 10 minutes. If you receive this warning or critical alert, it means that your system is experiencing high CPU usage, which could lead to performance issues.
+
+### What does CPU utilization mean?
+
+`CPU utilization` is the percentage of time the CPU spends executing tasks, as opposed to being idle. A high CPU utilization means that the CPU is working on a large number of tasks and may not have enough processing power to handle additional tasks efficiently. This can result in slow response times and overall system performance issues.
+
+### Troubleshoot the alert
+
+1. Identify high CPU usage processes:
+   
+   Open Task Manager by pressing `Ctrl + Shift + Esc` on your keyboard, or right-click on the Taskbar and select "Task Manager." Click the "Processes" tab, and sort by the "CPU" column to identify the processes consuming the most CPU resources.
+
+2. Analyze process details:
+   
+   Right-click on the process with high CPU usage and select "Properties" or "Go to details" to learn more about the process, its location, and its purpose.
+
+3. Determine if the process is essential:
+   
+   Research the process in question to ensure that it is safe to terminate. Some processes are integral to the system, and terminating them may cause instability or crashes.
+
+4. Terminate or optimize the problematic process:
+   
+   If the process is not essential, you can right-click on it and select "End task" to stop it. If the process is necessary, consider optimizing its performance or updating the software responsible for the process. In some cases, restarting the system may help resolve temporary high CPU usage issues.
+
+5. Monitor CPU usage after taking action:
+   
+   Continue monitoring CPU usage to ensure that the issue has been resolved. If the problem persists, further investigation may be required, such as examining system logs or using performance analysis tools like Windows Performance Monitor.
+
+### Useful resources
+
+1. [How to Monitor CPU Usage on Windows](https://www.tomsguide.com/how-to/how-to-monitor-cpu-usage-on-windows)
+2. [Windows Task Manager: A Troubleshooting Guide](https://www.howtogeek.com/66622/stupid-geek-tricks-6-ways-to-open-windows-task-manager/)
+3. [How to Use the Performance Monitor on Windows](https://www.digitalcitizen.life/how-use-performance-monitor-windows/)
+4. [Understanding Process Explorer](https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer)
\ No newline at end of file
diff --git a/health/guides/windows/windows_disk_in_use.md b/health/guides/windows/windows_disk_in_use.md
new file mode 100644
index 000000000..4642b79ce
--- /dev/null
+++ b/health/guides/windows/windows_disk_in_use.md
@@ -0,0 +1,34 @@
+### Understand the alert
+
+This alert is triggered when the disk space utilization on a Windows system surpasses the defined thresholds. If you receive this alert, it means your system's disk usage is high, and you might need to free up space.
+
+### Why is disk space utilization important?
+
+Disk space utilization is crucial for the stable and efficient operation of your system. As the disk fills up, system processes may slow down or fail due to insufficient storage space. Moreover, new applications and updates may require additional storage, which can cause issues if not enough disk space is available.
+
+### Troubleshoot the alert
+
+1. Check disk usage in detail
+
+   To check the disk usage on your Windows system, you can use `Disk Management` tool by searching for it in the Start menu, or by right-clicking on Computer in the File Explorer and selecting "Manage."
+
+2. Analyze disk usage by folders and files
+
+   Use a disk space analyzer tool like [TreeSize](https://www.jam-software.com/treesize_free) or [WinDirStat](https://windirstat.net/) to find the largest files and folders on your system. These tools will help you identify areas where you can free up space.
+
+3. Clean up unnecessary files
+
+   - Empty the recycle bin on your Windows system.
+   - In the File Explorer, right-click on the system drive (usually C:), and select "Properties." Navigate to the "General" tab and click on "Disk Cleanup" to free up space by removing temporary files, system files and other items that can be safely deleted.
+   - Uninstall unused applications using the Programs and Features setting in the Control Panel.
+   - Move larger files such as media or documents to an external storage device or cloud storage service.
+
+4. Monitor disk usage
+
+   Keep an eye on the disk usage to prevent it from surpassing the threshold again in the future. Pay attention to system and software updates that may require additional storage, as well as the growth of log files or temporary files generated by your computer's operation.
+
+### Useful resources
+
+1. [Windows 10 Tips & Tricks: Analyze Disk Space & Free Space - YouTube](https://www.youtube.com/watch?v=NolLC9tBP_Y)
+2. [5 Free Tools to Visualize Disk Space Usage on Windows](https://www.hongkiat.com/blog/visualize-hard-disk-usage-free-tools-for-windows/)
+3. [10 Ways to Free Up Hard Drive Space on Windows](https://www.howtogeek.com/125923/7-ways-to-free-up-hard-disk-space-on-windows/)
\ No newline at end of file
diff --git a/health/guides/windows/windows_inbound_packets_discarded.md b/health/guides/windows/windows_inbound_packets_discarded.md
new file mode 100644
index 000000000..829e34ffe
--- /dev/null
+++ b/health/guides/windows/windows_inbound_packets_discarded.md
@@ -0,0 +1,39 @@
+### Understand the alert
+
+This alert is triggered when the number of inbound discarded packets for a network interface on a Windows system exceeds the threshold (5 packets) within the last 10 minutes. If you receive this alert, it means that your network interface may have an issue that is causing packets to be discarded.
+
+### What does inbound discarded packets mean?
+
+Inbound discarded packets refer to network packets that are received by the network interface but are not processed by the system. Packets may be discarded for various reasons such as network congestion, packet corruption, or reaching the system's capacity limits.
+
+### Troubleshoot the alert
+
+1. Identify the problematic network interface
+
+To find out which network interface is causing the problem, log in to the Windows system and open **Performance Monitor**. Go to the **Windows → Networking → Network Interface** section in the left pane and check the **Packets Received Discarded** counter to identify the offending interface.
+
+2. Check network interface hardware
+
+Verify that the network interface is working correctly and hasn't malfunctioned. Inspect the cables and ensure that they are connected properly. If possible, try a different network interface.
+
+3. Check network congestion and bandwidth usage
+
+High network congestion and bandwidth usage can cause packets to be discarded. Monitor your network's usage and check for any unusual patterns or excessive bandwidth usage. Consider using a network monitoring tool to gather more in-depth information about your network.
+
+4. Inspect system logs
+
+Check system logs for errors or warnings related to the network interface. The Windows Event Viewer can be a valuable resource for identifying issues related to the network interface. 
+
+5. Update network adapter drivers
+
+Outdated or incompatible drivers can cause network issues, including inbound discarded packets. Ensure that your network adapter drivers are up-to-date and provided by a reliable source.
+
+6. Investigate packet corruption
+
+Packet corruption can be caused by faulty hardware, software issues, or even cyber-attacks. Ensure that your system is adequately protected, and investigate any possible software-related issues that may lead to packet corruption.
+
+### Useful resources
+
+1. [Windows Performance Monitor](https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/perfmon)
+2. [Windows Event Viewer](https://docs.microsoft.com/en-us/windows/win32/eventlog/event-log-reference)
+3. [How to troubleshoot networking problems on the Windows platform](https://support.microsoft.com/en-us/help/10267)
\ No newline at end of file
diff --git a/health/guides/windows/windows_inbound_packets_errors.md b/health/guides/windows/windows_inbound_packets_errors.md
new file mode 100644
index 000000000..aee982d6a
--- /dev/null
+++ b/health/guides/windows/windows_inbound_packets_errors.md
@@ -0,0 +1,41 @@
+### Understand the alert
+
+This alert informs you about the number of `inbound errors` on the network interface of your Windows machine within the last 10 minutes. If you receive this alert, it indicates that there might be issues with your network connection or hardware.
+
+### What are inbound errors?
+
+Inbound errors refer to problems that occur when packets are coming into the network interface of your machine from external sources. These errors might occur due to various reasons such as packet loss during transmission, hardware problems in the network interface card (NIC), or incorrect network configurations.
+
+### Troubleshoot the alert
+
+To troubleshoot this alert, you can perform the following steps:
+
+1. Check the network connection
+
+   Ensure that the network connection is stable and the cables (if any) are properly connected. If you're using a wireless connection, verify that the signal strength is good and that there are no known Wi-Fi issues in your area.
+
+2. Verify network configurations
+
+   Go through your network configurations and ensure that they are properly set. Some common issues include incorrect IP addresses, subnet masks or gateways. Open the Network Connections window (press Windows key + R, type `ncpa.cpl` and click OK), then right-click your network adapter, select `Properties`, and recheck your configurations.
+
+3. Inspect the hardware
+
+   Check if the NIC experiences any physical issues or if it gets overheated. If you suspect a hardware problem, consider replacing the NIC or connecting to a different network interface to isolate the issue.
+
+4. Monitor the network for any anomalies
+
+   You can use native Windows tools like `Performance Monitor` or `Resource Monitor` to keep an eye on network performance and packet errors. Open the respective tools by searching in the Start Menu.
+
+5. Review Event Viewer logs
+
+   Look for any network-related errors logged in the `Event Viewer`. Press Windows key + X, select Event Viewer, and navigate to `Windows Logs` > `System`. Filter the logs by choosing the `Network Profile` event source and review the error messages.
+
+6. Update NIC drivers
+
+   Sometimes, outdated or faulty NIC drivers might cause inbound packet errors. Ensure that you've installed the latest drivers for your NIC. Visit the manufacturer's website to download and install the most recent drivers compatible with your Windows operating system.
+
+### Useful resources
+
+1. [How to use Network Monitor in Windows](https://docs.microsoft.com/en-us/windows/client-management/troubleshoot-tcpip-network-monitor)
+2. [Network Troubleshooting Guide for Windows](https://techcommunity.microsoft.com/t5/networking-blog/network-troubleshooting-guide-for-windows/ba-p/428114)
+3. [How to Troubleshoot Network Connections with Ping and Tracert](https://www.windowscentral.com/how-troubleshoot-network-connection-ping-and-traceroute)
\ No newline at end of file
diff --git a/health/guides/windows/windows_outbound_packets_discarded.md b/health/guides/windows/windows_outbound_packets_discarded.md
new file mode 100644
index 000000000..226c3b0ba
--- /dev/null
+++ b/health/guides/windows/windows_outbound_packets_discarded.md
@@ -0,0 +1,48 @@
+### Understand the alert
+
+This alert is triggered when the number of outbound discarded packets for a network interface on a Windows system reaches or exceeds 5 in the last 10 minutes. Discarded packets indicate network problems or misconfigurations and can lead to decreased performance, slow connections and communication errors.
+
+### What are outbound discarded packets?
+
+Outbound discarded packets are network packets that were not sent successfully from a Windows host to the intended destination. This might be due to various reasons such as buffer overflows, device driver errors, or network congestion. Discarded packets may result in retransmissions, which could cause increased latencies and reduced network throughput.
+
+### Troubleshoot the alert
+
+1. Check network performance statistics
+
+Use the built-in `netstat` command to display network statistics:
+```
+netstat -s
+```
+
+Look for errors or high discard rates, which may indicate network problems.
+
+2. Monitor network interface performance
+
+Use the `Performance Monitor` tool in Windows to monitor the network interface for issues. Look for counters related to discarded packets, such as `Packets Outbound Errors`, `Packets Received Errors`, and `Packets Sent/sec`.
+
+3. Identify if there are specific applications with high discard rates
+
+Use the `Resource Monitor` tool in Windows to check which applications are consuming the most network resources and identify if any specific application is causing high discard rates.
+
+4. Check for errors, warnings, or unusual events in the Windows Event Viewer
+
+Open the `Event Viewer` in Windows and browse through the System and Application logs for any network-related events. Look for errors or warnings that could be related to network configurations, device driver problems, or application-specific issues.
+
+5. Update or reinstall network drivers
+
+Outdated or corrupt network drivers can cause discarded packets. Ensure your network drivers are up to date and, if necessary, reinstall the drivers.
+
+6. Check network components and configurations
+
+Inspect network cables, switches, and routers for any physical damage or malfunction. Check the network settings on the Windows host to ensure they are correctly configured, including DNS, gateway, and subnet mask.
+
+7. Network congestion
+
+If your network is congested, it can cause an increase in discarded packets. Consider upgrading network equipment or implementing quality of service (QoS) policies to prioritize and manage network traffic more effectively.
+
+### Useful resources
+
+1. [Using Performance Monitor to monitor network performance](https://techcommunity.microsoft.com/t5/ask-the-performance-team/using-perfmon-to-monitor-your-servers-network-performance/ba-p/373944)
+2. [Monitoring Network Performance with Resource Monitor](https://www.online-tech-tips.com/computer-tips/monitoring-network-performance-with-resource-monitor/)
+3. [Event Viewer in Windows](https://www.dummies.com/computers/operating-systems/windows-10/how-to-use-event-viewer-in-windows-10/)
\ No newline at end of file
diff --git a/health/guides/windows/windows_outbound_packets_errors.md b/health/guides/windows/windows_outbound_packets_errors.md
new file mode 100644
index 000000000..2ccb8ef16
--- /dev/null
+++ b/health/guides/windows/windows_outbound_packets_errors.md
@@ -0,0 +1,46 @@
+### Understand the alert
+
+This alert monitors the number of `outbound errors` on the network interface of a Windows system over the last 10 minutes. If you receive this alert, it means that there are `5 or more errors` in outbound packets during that period.
+
+### What are outbound errors?
+
+`Outbound errors` refer to problems that occur during the transmission of packets from the network interface of your system. These errors can be due to various reasons, such as faulty hardware, incorrect configuration, or network congestion.
+
+### Troubleshoot the alert
+
+1. Identify the network interface(s) with high outbound errors
+
+Use the `netstat -e` command to display network statistics for each interface on your system:
+
+```
+netstat -e
+```
+
+This will show you the interfaces with errors, along with a count of errors.
+
+2. Check for faulty hardware or cables
+
+Visually inspect the network interface and cables for any signs of damage or disconnection. If the hardware appears to be faulty, replace it as necessary.
+
+3. Review network configuration settings
+
+Ensure that the network configuration on your system is correct, including the IP address, subnet mask, gateway, and DNS settings. If the configuration is incorrect, update it accordingly.
+
+4. Monitor network traffic
+
+Use network monitoring tools such as `Wireshark` or `tcpdump` to capture traffic on the affected interface. Analyze the captured traffic to identify any issues or patterns that may be causing the errors.
+
+5. Check for network congestion
+
+If the errors are due to network congestion, identify the sources of high traffic and implement measures to reduce congestion, such as traffic shaping, prioritizing, or rate limiting.
+
+6. Update network drivers and firmware
+
+Ensure that your network interface card (NIC) drivers and firmware are up-to-date. Check the manufacturer's website for updates and apply them as necessary.
+
+### Useful resources
+
+1. [Netstat Command Usage on Windows](https://www.computerhope.com/issues/ch001/stat.htm)
+2. [Wireshark - A Network Protocol Analyzer](https://www.wireshark.org/)
+3. [Tcpdump - A Packet Analyzer](https://www.tcpdump.org/)
+4. [Network Performance Monitoring and Diagnostics Guide](https://docs.microsoft.com/en-us/windows-server/networking/technologies/npmd/npmd)
\ No newline at end of file
diff --git a/health/guides/windows/windows_ram_in_use.md b/health/guides/windows/windows_ram_in_use.md
new file mode 100644
index 000000000..ef85588b0
--- /dev/null
+++ b/health/guides/windows/windows_ram_in_use.md
@@ -0,0 +1,38 @@
+### Understand the alert
+
+The `windows_ram_in_use` alert is triggered when memory utilization on a Windows system reaches the specified warning or critical thresholds. If you receive this alert, it means that your Windows system is running low on available memory.
+
+### What does memory utilization mean?
+
+Memory utilization refers to the percentage of a system's RAM that is currently being used by applications, processes, and the operating system. High memory utilization can lead to performance issues and may cause applications to crash or become unresponsive.
+
+### Troubleshoot the alert
+
+- Check current memory usage on the system
+
+1. Press `Ctrl + Shift + Esc` to open Task Manager.
+2. Click on the `Performance` tab.
+3. View the `Memory` section to see the total memory usage and available memory. 
+
+- Identify high memory usage processes
+
+1. In Task Manager, click on the `Processes` tab.
+2. Click on the `Memory` column to sort processes by memory usage.
+3. Identify processes that are using a high percentage of memory.
+
+- Optimize memory usage
+
+1. Close unnecessary applications and processes to free up memory.
+2. Investigate if running processes have a known memory leak issue.
+3. Consider upgrading the system's RAM if memory usage is consistently high.
+
+- Monitor memory usage over time
+
+1. Use Windows Performance Monitor to create a Data Collector Set that collects memory usage metrics.
+2. Analyze the collected data to identify trends and potential issues.
+
+### Useful resources
+
+1. [How to use Task Manager to monitor Windows PC's performance](https://support.microsoft.com/en-us/windows/how-to-use-task-manager-to-monitor-windows-pc-s-performance-171100cb-5e7d-aaba-29abfedfb06f)
+2. [How to use Performance Monitor on Windows 10](https://www.windowscentral.com/how-use-performance-monitor-windows-10)
+3. [How to fix high memory usage in Windows](https://pureinfotech.com/reduce-ram-memory-usage-windows/)
\ No newline at end of file
diff --git a/health/guides/windows/windows_swap_in_use.md b/health/guides/windows/windows_swap_in_use.md
new file mode 100644
index 000000000..5a6500915
--- /dev/null
+++ b/health/guides/windows/windows_swap_in_use.md
@@ -0,0 +1,41 @@
+### Understand the alert
+
+This alert monitors the swap memory utilization on a Windows system. If you receive this alert, it means that your system's swap memory usage is nearing or has exceeded the defined thresholds (`warning` at 80-90% and `critical` at 90-98%).
+
+### What is swap memory?
+
+Swap memory is a virtual memory management technique where a portion of the disk space is used as an extension of the physical memory (RAM). When the system runs low on RAM, it moves inactive data from RAM to swap memory to free up space for active processes. While swap memory can help prevent the system from running out of memory, keep in mind that accessing data from swap memory is slower than from RAM.
+
+### Troubleshoot the alert
+
+1. Determine the system's memory and swap usage.
+
+   Use the Windows Task Manager to monitor the overall system performance:
+
+   ```
+   Ctrl+Shift+Esc
+   ```
+
+   Navigate to the Performance tab to see the used and available memory, as well as swap usage.
+
+2. Check per-process memory usage to find the top consumers.
+
+   In the Task Manager, navigate to the Processes tab. Sort the processes by memory usage to identify the processes consuming the most memory.
+
+3. Optimize or close the high memory-consuming processes.
+
+   Analyze the processes and determine whether they are essential. Terminate or optimize non-critical processes that consume a significant amount of memory. Ensure to double-check before closing any process to avoid unintentionally closing necessary processes.
+
+4. Increase the system's memory or adjust swap file settings.
+
+   If your system consistently runs low on memory, consider upgrading the hardware to add more RAM or adjusting the swap memory settings to allocate more disk space.
+
+5. Prevent memory leaks.
+
+   Memory leaks occur when an application uses memory but fails to release it when no longer needed, causing gradual memory depletion. Ensure that all software running on your system, particularly custom or in-house applications, is well-designed and tested for memory leaks.
+
+### Useful resources
+
+1. [How to Manage Virtual Memory (Pagefile) in Windows 10](https://www.techbout.com/manage-virtual-memory-pagefile-windows-10-29638/)
+2. [Troubleshooting Windows Performance Issues Using the Resource Monitor](https://docs.microsoft.com/en-us/archive/blogs/askcore/troubleshooting-windows-performance-issues-using-the-resource-monitor)
+3. [Windows Performance Monitor](https://docs.microsoft.com/en-us/windows-server/administration/windows-server-2008-help/troubleshoot/windows-rel-performance-monitor)
\ No newline at end of file