Hello.

I set up a new EventID monitor set that checks the security logs for the desired events. This is working as expected; however, when the events come in over email, the event details are not resolving the security IDs. What do I need to do to address this? Two examples below, the Kaseya event and the Windows event...

Kaseya Event -

Description: A member was added to a security-enabled local group.

Subject:
    Security ID:     S-1-5-21-3947201039-1660169319-2489435107-2749
    Account Name:    MyUserAccount
    Account Domain:  MyDomain
    Logon ID:        0x1a73a

Member:
    Security ID:     S-1-5-21-3733995272-681209301-2939262457-1007
    Account Name:    -

Group:
    Security ID:     S-1-5-32-544
    Group Name:      Administrators
    Group Domain:    Builtin

Additional Information:
    Privileges:      -


Windows Event:

A member was added to a security-enabled local group.

Subject:
    Security ID:     DOMAIN\MyUserAccount
    Account Name:    MyUserAccount
    Account Domain:  MyDomain
    Logon ID:        0x1a73a

Member:
    Security ID:     LocalPC\NewUserAccount
    Account Name:    -

Group:
    Security ID:     BUILTIN\Administrators
    Group Name:      Administrators
    Group Domain:    Builtin

Additional Information:
    Privileges:      -