Configuration/Definitions/ADGroupCreateDelete.json
{ "SearchDefinition": { "ADGroupCreateDelete": { "Events": { "Fields": { "Computer": "Domain Controller", "Date": "Date", "MemberName": "MemberName", "MemberSid": "MemberSID", "TargetUserName": "TargetGroupName", "TargetDomainName": "TargetDomainName", "Who": "Who", "ObjectAffected": "ObjectAffected", "Action": "Action", "NoNameB4": "EventAction", "KeyWord": "KeyWord", "ID": "Event ID", "RecordID": "Record ID", "GatheredFrom": "Gathered From", "GatheredLogName": "Gathered LogName" }, "Events": [ 4727, 4730, 4731, 4734, 4744, 4748, 4749, 4753, 4754, 4758, 4759, 4763 ], "IgnoreWords": {}, "LogName": "Security", "SortBy": "When", "Enabled": true }, "Enabled": true } }, "LogName": "WEC3-Account-Management" }