0 Replies Latest reply on Oct 17, 2017 12:52 PM by anton2016

    Event ID 4688 Windows 2016 not Capturing All Elements

    anton2016

      Event ID 4688 is not capturing all data from 2016 systems. This is the process creation event; it includes some critical data, like parent processes, on Windows 10 / 2016 systems. The parser is missing this information.

       

       

      Is there an ETA for when Windows 2016 and Windows 10 events will be parsed fully? I think it's a little disingenuous to announce Windows 2016 support when none of the new events or older event enhancements are parsed correctly. Is there a channel I should be escalating to?

       

      Appreciate the help.
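
The gap described in the post can be checked by comparing a raw 4688 event against what a parser returned for it. The following is an added example, not part of the original post and not the product's parser; the sample event is constructed, and it assumes (hypothetically) that the parsed record uses the event's own field names.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# EventData fields added to 4688 in event version 2 (Windows 10 / Server 2016).
V2_FIELDS = {"TargetUserSid", "TargetUserName", "TargetDomainName",
             "TargetLogonId", "ParentProcessName", "MandatoryLabel"}

# Constructed sample event; all values are made up for illustration.
SAMPLE_4688 = r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4688</EventID><Version>2</Version></System>
  <EventData>
    <Data Name="SubjectUserName">alice</Data>
    <Data Name="NewProcessId">0x1a2c</Data>
    <Data Name="NewProcessName">C:\Windows\System32\cmd.exe</Data>
    <Data Name="ProcessId">0x0f40</Data>
    <Data Name="CommandLine">cmd.exe /c whoami</Data>
    <Data Name="ParentProcessName">C:\Windows\explorer.exe</Data>
    <Data Name="MandatoryLabel">S-1-16-8192</Data>
  </EventData>
</Event>"""


def parse_4688(xml_text):
    """Return (version, fields); fields keeps every named Data element."""
    root = ET.fromstring(xml_text)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "4688":
        raise ValueError("not a 4688 event")
    version = int(root.findtext("e:System/e:Version", default="0", namespaces=NS))
    fields = {d.get("Name"): (d.text or "")
              for d in root.iterfind("e:EventData/e:Data", NS)}
    return version, fields


def dropped_fields(xml_text, parsed_record, only_v2=False):
    """Field names present in the raw event but absent from the parsed record."""
    _, raw = parse_4688(xml_text)
    dropped = set(raw) - set(parsed_record)
    if only_v2:
        dropped &= V2_FIELDS  # keep only the fields introduced with version 2
    return sorted(dropped)


if __name__ == "__main__":
    # Hypothetical output of a parser that only knows the older 4688 layout.
    legacy = {"SubjectUserName": "alice", "NewProcessId": "0x1a2c",
              "NewProcessName": r"C:\Windows\System32\cmd.exe", "ProcessId": "0x0f40"}
    print("dropped:", dropped_fields(SAMPLE_4688, legacy))
    print("dropped (v2 only):", dropped_fields(SAMPLE_4688, legacy, only_v2=True))
```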