Ok, so I was looking at this rule, and it says that I must be auditing process tracking on the agent. How do I achieve this?
Kills the solitaire process
NOTE: In order for the ProcessStart event to be detected,
you must be auditing process tracking on the agent (otherwise
the event will not be logged). See the section on Windows
auditing level in your Product Integration manual for more
information.
You may also wish to create a User Defined group with a list
of the game processes you want to kill for the purposes of
this rule (should you wish to monitor more than one).
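
One way to check and enable process tracking auditing on a Windows agent, and to confirm that process-start events are actually being logged. This is an added example, not taken from the post or from the product manual the rule text refers to. It assumes Windows Vista/Server 2008 or later, an elevated session, and English-language `auditpol` output; `whoami.exe` as the test process is an arbitrary choice.

```powershell
# Run in an elevated PowerShell session on the monitored Windows host.
# "Process Creation" is the subcategory of Detailed Tracking (process tracking)
# that produces Security event 4688 when a process starts.
$subcategory = 'Process Creation'

function Get-ProcessAuditSetting {
    # /r makes auditpol emit CSV; "Inclusion Setting" holds the effective value
    # (No Auditing, Success, Failure, or Success and Failure on English systems).
    $rows = auditpol.exe /get /subcategory:"$subcategory" /r |
        Where-Object { $_ } | ConvertFrom-Csv
    ($rows | Select-Object -First 1).'Inclusion Setting'
}

$current = Get-ProcessAuditSetting
Write-Output "Current setting for '$subcategory': $current"

if ($current -notmatch 'Success') {
    # Success auditing is what records a process start.
    auditpol.exe /set /subcategory:"$subcategory" /success:enable | Out-Null
    Write-Output "Setting after change: $(Get-ProcessAuditSetting)"
}

# Verify end to end: start a short-lived process, then look for its 4688 record.
$marker = Get-Date
Start-Process -FilePath "$env:SystemRoot\System32\whoami.exe" -WindowStyle Hidden -Wait
Start-Sleep -Seconds 2   # give the event log a moment to flush

$found = Get-WinEvent -FilterHashtable @{
        LogName = 'Security'; Id = 4688; StartTime = $marker
    } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'whoami\.exe' }

if ($found) {
    Write-Output "OK: process-start event logged at $($found[0].TimeCreated)."
} else {
    Write-Warning "No 4688 event found; process starts are not reaching the Security log."
}
```

On domain-joined machines a Group Policy audit setting can overwrite a local `auditpol` change at the next policy refresh, so if the check passes once and later fails, set the policy in the GPO instead.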