KBI 312126 – New Feature: Event ID Macro Used in Windows Compliance Rule and Windows Event Log Rule

Version

Argent Omega 2.2A-2310-A or later

Date

Wednesday, 1 November 2023

Summary

Both the Windows Compliance Rule and the Windows Event Log Rule can filter on event IDs. Some event ID combinations may be used in multiple Rules. For example, events 4722 and 4725 are about an account being enabled or disabled, and events 4728, 4732 and 4756 are for AD group member operations. Defining Event ID Macros for such groups of event IDs makes them easier to manage.

Using Event ID Macros is simple. When the event ID filter includes an Event ID Macro without a minus sign in front, the filter passes if the event ID is one of the IDs in the macro; with a minus sign in front, the filter passes only if the event ID is none of the IDs in the macro.

Technical Background

N/A

Resolution

Upgrade to Argent Omega 2.2A-2310-A or later.

For further assistance, please contact Argent on Instant Help at
https://Instanthelp.Argent.com/