how to exclude some events ?

Hi All

    I collecto some windows event ...and find some events does not include user or filename ...it just systen event.

like below:

I credate a data collection policy and add some fileters like below, thenn assign to agent manager group.

waiting about 20 mins....thse events send to sentinel server....

I find these event has 2  attributes...like bwlow

now the source attribute of filter policy been set "Microsoft-Windows-Security-Auditing"

Do I set error ....Security / Microsoft-Windows-Security-Auditing , which one I should set on source attribute of filter policy ?

Thanks!!

Wencheng