Forum Discussion
Security Event 4732 and 4733 is missing details
Sentinel gets security events 4732 and 4733, but it's missing which users/groups get added or removed from the endpoints. The security logs are not detailed when I checked the event viewer. Am I miss...
Do you have UEBA enabled, if so you maybe able to correlate to that data? https://docs.microsoft.com/en-us/azure/sentinel/investigate-with-ueba#embed-identityinfo-data-in-your-analytics-rules-public-preview
Yes I have it enabled. But that's not what I'm looking for. I attached the event viewer screenshot, where the member security ID (yellow highlighted) is not being forwarded to Sentinel. You can see the comparison between the Sentinel log and Event Viewer. However, the sentinel log has the Member Security ID as a SID (not the actual username/account name)