Hi Giuseppe, we capture the following Group event codes in our environment. I just need the SPL that identifies the alert on my initial question. Thanks.
Event 4727 A Security-enabled Global Group was created
Event 4737 A Security-enabled Global Group was changed (generico precede ogni operazione che modifica le caratteristiche del gruppo)
Event 4728 A member was added to a security-enabled Global group
Event 4729 A member was removed from a security-enabled Global group
Event 4730 A Security-enabled Global Group was removed
Event 4754 A Security-enabled Universal Group was created
Event 4755 A Security-enabled Universal Group was changed (generico precede ogni operazione che modifica le caratteristiche del gruppo)
Event 4756 A member was added to a security-enabled Universal group
Event 4757 A member was removed from a security-enabled Universal group
Event 4758 A Security-enabled Universal Group was removed
Event 4731 A Security-enabled Local Group was created
Event 4735 A Security-enabled Local Group was changed (generico precede ogni operazione che modifica le caratteristiche del gruppo)
Event 4732 A member was added to a security-enabled Domain Local group
Event 4733 A member was removed from a security-enabled Domain Local group
Event 4734 A Security-enabled Domain Local Group was removed
Event 4781 Group Rename (preceduto da 4735 Locale o 4737 Globale o 4755 Universale)
Event 4764 Group Change Type
