I want to be alerted anytime a particular windows account is used/accessed/modified in any way. I set the log source to be security, event source microsoft-windows-security-auditing, and alert condition to be any computer, any event level, any event id, and description contains <the username>.
My problem is that the test appears to be case sensitive. Even a short account name like "Billy" has 32 case sensitive combinations; but Windows usernames are case insensitive.
Event log description text -- case insensitive
-
- Posts: 11
- Joined: Tue Dec 17, 2019 8:02 am