Configuration/Definitions/ADGroupChanges.json

{
    "SearchDefinition": {
        "ADGroupChanges": {
            "Events": {
                "Fields": {
                    "Computer": "Domain Controller",
                    "Date": "Date",
                    "MemberName": "MemberName",
                    "MemberSid": "MemberSID",
                    "TargetUserName": "TargetGroupName",
                    "TargetDomainName": "TargetDomainName",
                    "Who": "Who",
                    "ObjectAffected": "ObjectAffected",
                    "Action": "Action",
                    "NoNameB4": "EventAction",
                    "KeyWord": "KeyWord",
                    "ID": "Event ID",
                    "RecordID": "Record ID",
                    "GatheredFrom": "Gathered From",
                    "GatheredLogName": "Gathered LogName"
                },
                "Events": [
                    4728,
                    4729,
                    4732,
                    4733,
                    4735,
                    4737,
                    4745,
                    4746,
                    4747,
                    4750,
                    4751,
                    4752,
                    4756,
                    4757,
                    4760,
                    4761,
                    4762,
                    4764
                ],
                "IgnoreWords": {
                    "Who": "*ANONYMOUS*"
                },
                "LogName": "Security",
                "SortBy": "When",
                "Enabled": true
            },
            "Enabled": true
        }
    },
    "LogName": "WEC3-Account-Management"
}