Hi, I got a request to onboard Event IDs 3039, 3040, 3041, 2886, 2887, 2888, 2889. I tried to Google them but couldn't see anything that will tell which logsource they're from. I don't know if I should put them under System i.e.

[WinEventLog://System]
index = winlogs_of_domain_controllers
whitelist = 2886-2889,3039-3041

Or Security i.e.

[WinEventLog://Security]
index = winlogs_of_domain_controllers
whitelist = 2886-2889,3039-3041

I was hoping someone could point me to a trusty website? Thank you.