Julian
Joined 3 years ago
User Profile
User Widgets
Contributions
Re: How to use the Audit Log Report Search Filter (binar)
Hi @Stuart Weenig, I appreciate your response. It may be that it's not supported and I will reach out to support. I've attached a screenshot below indicating that it should be supported, although there doesn't seem to be documentation detailing how to use it.23Views0likes0CommentsHow to use the Audit Log Report Search Filter (binar)
I'm not having any luck using the AND, OR, and NOT operators in the Audit Log Report Search Filter. I am trying to retrieve logs that indicate that alert has been disabled. I'm able to return results with each of the following queries: 1. *getAlertEnable: update value=false* 2. *disable alerting on this instance* I would like to OR them, but using the following query doesn't seem to work: 1. *getAlertEnable: update value=false* OR *disable alerting on this instance* Am I going about this the wrong way? Any help pointing me to relevant documentation or helping me solve this is greatly appreciated! Thanks!58Views1like3CommentsRe: KB5004442: Manage changes for Windows DCOM Server Security Feature Bypass (CVE-2021-26414)
We are currently experiencing an issue relating to this KB. There are several Event Logs coming in with the following message: Message: The server-side authentication level policy does not allow the user <domain>\<service_account> SID (<SID>) from address 10.20.23.25 to activate DCOM server. Please raise the activation authentication level at least to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY in client application. The event can be suppressed, but the cause of the issue is on the collector side. It seems that the collector would need to be updated. Please let me know if I'm misinformed.28Views0likes0Comments