I'm new to SEM so excuse my noob question. I am wanting to monitor a specific Windows Security Event and have this rule alert only 1 specific system. Firstly I would just like to get this to alert on the event, and then narrow it down. I am interested in the File Audit event 4663 in the Windows Security log.
So far I have a Windows Security Connector on the node, and a rule with "FileAudit.EventInfo is equal to String 'An attempt was made*'". However, I really just want to look out for Event ID 4663, but I cannot see how to do this.
Thanks in advance