
Event ID 4688 Windows 2016 not Capturing All Elements

Event ID 4688 is not capturing all data from 2016 systems. This is the process creation event; it includes some critical data, like parent processes, on Windows 10 / 2016 systems. The parser is missing this information.

Is there an ETA for when Windows 2016 and Windows 10 events will be parsed fully? I think it's a little disingenuous to announce Windows 2016 support when none of the new events or older event enhancements are parsed correctly. Is there a channel I should be escalating to?

Appreciate the help.
