Hello,
I wish to filter out the computer name in some rules.
The rules make false alerts with the computer name as the user name.
How exactly can I do that?
Thanks in advance.
*********
Rule (I) : Member added to an administrative group
Member DOMAIN\JCT_Level_1_Support added to group Builtin\Administrators by DOMAIN\ELEC-403-111$.
Alert was generated on computer ELEC-403-111.DOMAIN.COM.
***************
Rule (I) : Change Password Attempt on Administrative Account
There was administrative account password change attempt by DOMAIN\LAU106-54-90$ user. Target account: LAU106-54-90\admin.
Alert was generated on computer LAU106-54-90.DOMAIN.COM.
****************
Rule (A) : User Account enabled by unauthorized personnel
Account T-LEC-9205\Ladmin enabled by DOMAIN\T-LEC-9205$.
Alert was generated on computer t-lec-9205.DOMAIN.COM
****************
Rule (A) : Multiple failed logons by the same user
There were 5 failed logons by user ADMIN\SAFECOM-LEV-ADM$ from workstation SAFECOM-LEV-ADM.
Alert was generated on computer p-baruch.DOMAIN.COM.