1de68c67-af5c-4097-9c85-fe5578e09e67 issue #4584
Assignees
Labels
Bug
Indicates a bug with one of the tools and features provided by the project
Work In Progress
Some changes are needed
Comments
|
Thanks for the report. Will look into this and see what can be done. |
nasbench
added
Bug
Merged
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description of the Idea of the Rule
Event id 4658 don't have field ObjectName. Event id 4658 can be leveraged by linking it back to the earlier event ID [4656] with the same handle ID. This rule is referencing objectName for 4658. Is this expected?
Same issue also in 39a80702-d7ca-4a83-b776-525b1f86a36d
Public References / Example Event Log
https://learn.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4658
https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=4658
The text was updated successfully, but these errors were encountered: