Rules have been created to monitor for specific types of Application, System and Security based NT Events. Any Application or System based NT Event Rules properly trigger, however, no Security Event based Rules will trigger.
Security NT Event based Rules fail to trigger
The Security based NT Event is configured to trigger as defined by the following threshold criteria:
If LogFile = Security AND If EventId = 4953 AND If Source = Microsoft Windows Security Auditing
The value for the Source field is incorrect. The value shown is entered based on the format as shown in the Security Log:
The correct format for the Source Field value is Microsoft-Windows-Security-Auditing
Once this value has been changed accordingly, the Rule will properly trigger.
Monitor Solution 7.1.7580
Event Console 7.1.7580
This is machine translated content
Login to Subscribe
Please login to set up your subscription.
Didn't find the article you were looking for? Try these resources.