Hi,
I am trialling log management solutions at the moment.
I've got an example search configured looking for Windows events which relate to accounts being enabled or disabled, for those accounts with "fire" in the name.
Is there a way to easily take this and create a rule from it?
( EventInfo = "User account disabled \"*fire*\"" ) OR ( EventInfo = "\"Account Enabled \\\"*fire*\\\"\"" )
Thanks