I have been using Kiwi Syslog server and now use LA in HCO. I am using the Orion agent on Windows servers. I found the way to create email alerts for Windows events (like I made an email alert whenever a user is added to the Domain Admin group), and it works fine. But is there a way to include the contents of the Windows event in the email? I didn't see a variable that I could use for that.
(This would be beneficial, for example, to see who added the user to the group, since that information would be included in the Windows event . If another domain admin added the user, that would not be as vital as if the user themself (a hacker) added the user to the group.)
Thanks for your help and input!