IssueID #4444 - Adds eventID (French version) 4720, 4726, 4738, 4741,…

… 4742, 4743
wallix · Feb 22, 2013 · d44ba39 · d44ba39
1 parent edbc524
commit d44ba39
Show file tree

Hide file tree

Showing 2 changed files with 938 additions and 0 deletions.
diff --git a/normalizers/eventlog_security_audit_windows2008_en_2.xml b/normalizers/eventlog_security_audit_windows2008_en_2.xml
@@ -807,6 +807,72 @@ Additional Information:
         				<expectedTag name="additional_info">-</expectedTag>
 					</expectedTags>
             	</example>
+            	<example>
+            		<text>A computer account was changed.
+Subject:
+   Security ID:  ACME-FR\administrator
+   Account Name:  administrator
+   Account Domain:  ACME-FR
+   Logon ID:  0x20f9d
+Computer Account That Was Changed:
+   Security ID:  ACME-FR\John.Locke
+   Account Name:  John.Locke
+   Account Domain:  ACME-FR
+Changed Attributes:
+   SAM Account Name: -
+   Display Name:  -
+   User Principal Name: -
+   Home Directory:  -
+   Home Drive:  -
+   Script Path:  -
+   Profile Path:  -
+   User Workstations: -
+   Password Last Set: -
+   Account Expires:  -
+   Primary Group ID: -
+   AllowedToDelegateTo: -
+   Old UAC Value:  0x10
+   New UAC Value:  0x4010
+   User Account Control: 
+   'Not Delegated' - Enabled
+   User Parameters: -
+   SID History:  -
+   Logon Hours:  -
+   DNS Host Name:  -
+   Service Principal Names: -
+
+Additional Information:
+   Privileges:  -</text>
+					<expectedTags>
+						<expectedTag name="security_id">ACME-FR\administrator</expectedTag>
+						<expectedTag name="user">administrator</expectedTag>
+						<expectedTag name="domain">ACME-FR</expectedTag>
+						<expectedTag name="logon_id">0x20f9d</expectedTag>
+						<expectedTag name="target_security_id">ACME-FR\John.Locke</expectedTag>
+						<expectedTag name="target_user">John.Locke</expectedTag>
+						<expectedTag name="target_domain">ACME-FR</expectedTag>
+						<expectedTag name="sam_account_name">-</expectedTag>
+						<expectedTag name="display_name">-</expectedTag>
+						<expectedTag name="principal_name">-</expectedTag>
+						<expectedTag name="home_directory">-</expectedTag>
+						<expectedTag name="home_drive">-</expectedTag>
+						<expectedTag name="script_path">-</expectedTag>
+						<expectedTag name="profile_path">-</expectedTag>
+						<expectedTag name="workstations">-</expectedTag>
+						<expectedTag name="password_last_set">-</expectedTag>
+						<expectedTag name="expiry_date">-</expectedTag>
+						<expectedTag name="primary_gid">-</expectedTag>
+						<expectedTag name="old_uac">0x10</expectedTag>
+						<expectedTag name="new_uac">0x4010</expectedTag>
+						<expectedTag name="uac">'Not Delegated' - Enabled</expectedTag>
+        				<expectedTag name="user_parameters">-</expectedTag>
+        				<expectedTag name="sid_history">-</expectedTag>
+        				<expectedTag name="logon_hours">-</expectedTag>
+        				<expectedTag name="dns_host_name">-</expectedTag>
+        				<expectedTag name="service_names">-</expectedTag>
+        				<expectedTag name="additional_info">-</expectedTag>
+					</expectedTags>
+            	</example>
     		</examples>
     	</pattern>
     </patterns>