Hi All
I collecto some windows event ...and find some events does not include user or filename ...it just systen event.
like below:
I credate a data collection policy and add some fileters like below, thenn assign to agent manager group.
waiting about 20 mins....thse events send to sentinel server....
I find these event has 2 attributes...like bwlow
now the source attribute of filter policy been set "Microsoft-Windows-Security-Auditing"
Do I set error ....Security / Microsoft-Windows-Security-Auditing , which one I should set on source attribute of filter policy ?
Thanks!!
Wencheng