• Custom real time monitoring rule for event id with a string Value

    im trying to build an real time monitoring rule for when the CAC requirement is turned off for any account on our network.

    My issue is the event ID is shared. and im unable to get any event filter to check for a string value.

    the Event ID is 4738 and…