cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sammy1
Sammy1
Level 7
Report Inappropriate Content
Message 1 of 4
‎10-23-2018 10:14 AM

ELM Search

Hello everyone, I am trying to do an ELM search for all user accounts disabled, Windows Event 4725, in th esearch I put 4725 but it returned a ton of results and actually met its limit, then when I spot checked the results they were not accounts disabled events, am I doing something wrong?

 

0 Kudos
Reply
3 Replies
David1111
Reliable Contributor David1111
Reliable Contributor
Report Inappropriate Content
Message 2 of 4
‎10-24-2018 02:51 AM

Re: ELM Search

try 43-263047250

the McAfee convention for windows id's is 43-2630<wmi event id>0

so in your case it's 43-263047250

 

I know its' silly... but it's not the only silly thing in this system...

give a like if you fill so... it's time for McAfee to notice the Users feelings.

David

0 Kudos
Reply
Highlighted
mherr
McAfee Employee mherr
McAfee Employee
Report Inappropriate Content
Message 3 of 4
‎10-24-2018 01:38 PM

Re: ELM Search

To narrow your ELM search, you can try searching for ||4725|| and select only Windows Devices

or you can try regex   (\|\|4725\|\|) and select Windows Devices. 

Searching just 4725 could pop up in many ways in raw text. 

The actual event has Microsoft-Windows-Security-Auditing||4725||, which could also be used to narrow your search.

 

0 Kudos
Reply
Sammy1
Sammy1
Level 7
Report Inappropriate Content
Message 4 of 4
‎10-25-2018 12:54 PM

Re: ELM Search

Oh this is really good, I will try this, thank you..

0 Kudos
Reply
More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator

    • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community


    Corporate Headquarters
    2821 Mission College Blvd.
    Santa Clara, CA 95054 USA

    Consumer Support   |   Enterprise Support   |   McAfee.com

    Legal   |   Privacy   |   Copyright © 2019 McAfee, LLC