Freigeben über


ACS filter - my recommendation

ACS filer - my recommendation:

"SELECT * FROM AdtsEvent WHERE NOT (EventId=673 OR EventId=672 OR EventId=836 OR EventId=837 OR EventId=515 OR EventId=674 OR EventId=552 OR EventId=835 OR EventId=521 OR EventId=4614 OR EventId=4371 OR EventId=4610 OR EventId=4611 OR EventId=4619 OR EventId=4613 OR EventId=4620 OR EventId=4621 OR EventId=4932 OR EventId=4933 OR EventId=4647 OR EventId=4648 OR EventId=4662 OR EventId=4688 OR EventId=4689 OR EventId=4696 OR EventId=4768 OR EventId=4769 OR EventId=4770 OR EventId=4771 OR EventId=4772 OR EventId=4776 OR EventId=4779 OR EventId=4931 OR EventId=4954 OR EventId=5159 OR EventId=5152 OR EventId=5157 OR EventId=5447 OR HeaderUser='System' OR HeaderUser='ANONYMOUS LOGON' OR PRIMARYUSER LIKE '%SVC%' OR PRIMARYUSER LIKE '%$%' OR TARGETUSER LIKE '%$%')"

Security event source / description:

https://www.ultimatewindowssecurity.com