We are performing event noise reduction on SIEM. There are some events that fall under the SYSTEM category of Windows.
Now we want to disable these events without deselecting the SYSTEM category on SIEM Event Log Collector.
Also, is there any guide/document on the different event categories mentioned in the SIEM Event Log Collector?
You can remove SYSTEM from the "Event Logs" menu in the datasource settings.
You can create a system profile w/o SYSTEM to use for Windows servers that you don't want to collect system logs from.