I am working on an alert to send to our help desk when users have a specific application crash on a Windows workstation. I have created the event monitor to alert on the crash and that is working as expected. The part I am having trouble with is returning the current active user. I have asset inventory enabled on these nodes but that only polls once a day so using the "lastloggedinuser" is not accurate. Is there a more accurate way to pull the current logged in user when I receive this crash event? I am not great with the Powershell monitor and have tried that route but even if I do get the statistic returned I am unsure how to add that variable to the alert email. Any help would be greatly appreciated.