Configuration/Definitions/ADGroupChanges.json
{ "SearchDefinition": { "ADGroupChanges": { "Events": { "Fields": { "Computer": "Domain Controller", "Date": "Date", "MemberName": "MemberName", "MemberSid": "MemberSID", "TargetUserName": "TargetGroupName", "TargetDomainName": "TargetDomainName", "Who": "Who", "ObjectAffected": "ObjectAffected", "Action": "Action", "NoNameB4": "EventAction", "KeyWord": "KeyWord", "ID": "Event ID", "RecordID": "Record ID", "GatheredFrom": "Gathered From", "GatheredLogName": "Gathered LogName" }, "Events": [ 4728, 4729, 4732, 4733, 4735, 4737, 4745, 4746, 4747, 4750, 4751, 4752, 4756, 4757, 4760, 4761, 4762, 4764 ], "IgnoreWords": { "Who": "*ANONYMOUS*" }, "LogName": "Security", "SortBy": "When", "Enabled": true }, "Enabled": true } }, "LogName": "WEC3-Account-Management" } |