Regex and Content field in Alerter
Hi all, I am a bit new to regex. Can anyone help me find one word in the content field?
The scenario is:
We are monitoring the Windows Event logs and I want to get alerted as soon as someone sets the "No Password Expiry" option on users in Active Directory.
I know that the event ID will be 642, so I can just use that, but I want to filter the events for:
User Account Control: 'Don't Expire Password' - Enabled
User Account Control: 'Don't Expire Password' - Disabled
Previously I was using the Like option in the filtering to find the Disabled OR Enabled field and it was working, but somehow RSA changed something and it's not working.
Can anyone suggest a better way to do that?
You can use a variable in the statement, event ID, with event ID as 642.
Next, use the filter option: content equals 'Don't Expire Password'.
I am new to enVision, but I tried a couple of options like this.
Let me know how it goes. Good day.
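A regex for the two content strings quoted in the question, shown as an added example that is not part of the original thread and is written in Python rather than enVision filter syntax. The sample events, the `Target Account Name:` layout, and the function names are constructed assumptions; the pattern tolerates curly quotes and extra whitespace and ignores other "User Account Control" lines that merely end in Enabled or Disabled.

```python
import re

# Anchors on the flag name, then captures the new state. Accepts straight or
# curly quotes and variable spacing (assumption: collectors may normalise these).
PWD_FLAG = re.compile(
    r"User Account Control:\s*['\u2018\u2019]?Don['\u2019]t Expire Password"
    r"['\u2018\u2019]?\s*-\s*(Enabled|Disabled)",
    re.IGNORECASE,
)
# Assumed field label for the account that was modified.
TARGET = re.compile(r"Target Account Name:\s*(\S+)")

# Constructed sample events: (event_id, content).
SAMPLE_EVENTS = [
    (642, "User Account Changed: Target Account Name: jdoe "
          "User Account Control: 'Don't Expire Password' - Enabled"),
    (642, "User Account Changed: Target Account Name: asmith "
          "User Account Control:  \u2018Don\u2019t Expire Password\u2019 -  Disabled"),
    # Different flag that also ends in "Enabled": must not alert.
    (642, "User Account Changed: Target Account Name: bob "
          "User Account Control: 'Some Other Flag' - Enabled"),
    # Right text, wrong event ID: must not alert.
    (628, "Target Account Name: eve "
          "User Account Control: 'Don't Expire Password' - Enabled"),
]


def classify(event_id, content):
    """Return 'Enabled', 'Disabled', or None for a single event."""
    if event_id != 642:
        return None
    match = PWD_FLAG.search(content)
    return match.group(1).capitalize() if match else None


def find_changes(events):
    """Return (target_account, state) for every matching event 642."""
    hits = []
    for event_id, content in events:
        state = classify(event_id, content)
        if state is not None:
            target = TARGET.search(content)
            hits.append((target.group(1) if target else None, state))
    return hits


if __name__ == "__main__":
    for account, state in find_changes(SAMPLE_EVENTS):
        print(f"ALERT: 'Don't Expire Password' {state} on {account}")
```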