Format is as below:
Dec 5 13:08:47 XXXXXXX AgentDevice=XXXXXXX AgentLogFile=XXXXXXX PluginVersion=7.2.8.91 Source=Microsoft-Windows-Security-Auditing Computer=XXXXXXX OriginatingComputer=XXXXXXX User= Domain= EventID=4728 EventIDCode=4728 EventType=8 EventCategory=13826 RecordNumber=XXXXXXX TimeGenerated=XXXXXXX TimeWritten=XXXXXXX Level=Log Always Keywords=Audit Success Task=XXXXXXX_ACCOUNTMANAGEMENT_SECURITYGROUP Opcode=Info Message=A member was added to a security-enabled global group. Subject: Security ID: XXXXXXX Account Name: XXXXXXX Account Domain: XXXXXXX Logon ID: XXXXXXX Member: Security ID: XXXXXXX Account Name: CN=XXXXXXX,OU=XXXXXXX,OU=XXXXXXX XXXXXXX XXXXXXX,OU=XXXXXXX,DC=XXXXXXX,DC=XXXXXXX,DC=XXXXXXX Group: Security ID: XXXXXXX Group Name: XXXXXXX Group Domain: XXXXXXX Additional Information: Privileges: -
... View more