• Custom real time monitoring rule for event id with a string Value

    I'm trying to build a real-time monitoring rule for when the CAC requirement is turned off for any account on our network.

    My issue is the event ID is shared, and I'm unable to get any event filter to check for a string value.

    The Event ID is 4738 and…

  • How to implement Sigma Rules for own Repository Queries

    Hi,

    I would like to implement Sigma rules for InTrust. Is there a converter, or is there an implementation already planned?

  • Creating a report for Quest Knowledge Portal on specific Event IDs

    Good Day!

    I am trying to create a report that uses the data imported from a Repo to the Audit database to report on specific Event IDs in the security logs. Is there a way to create a report where I can type in any Event ID say 1104 and pull the computer…