Event ID 4688 Windows 2016 not Capturing All Elements
Event ID 4688 is not capturing all data from 2016 systems. This is the process creation event; it includes some critical data like parent processes on Windows 10 / 2016 systems. The parser is missing this information.
Is there an ETA for when Windows 2016 and Windows 10 events will be parsed fully? I think it's a little disingenuous to announce Windows 2016 support when none of the new events or older event enhancements are parsed correctly. Is there a channel I should be escalating to?