Sentinel Version: 7.1.0.1_904
Windows Collector Version: 2011.1r3
WMI connector versions: 2011.1r2
Event Source Version: MS Windows 2008 R2 Standard Edition

Pre-defined Collector parameters are enabled to drop the following events:
Code:
--------------------

Drop Computer-Generated Directory Service Events yes
Drop Computer-Generated Logon and Logoff Events yes
Drop Object Access (5156) Events yes
Drop Service-Generated Directory Service Events yes
Drop Service-Generated Logon and Logoff Events yes
Drop Service-Generated Privilege Use Events yes
Drop Unmodified Policy Change Events yes
--------------------


But when I click on Search in the Sentinel WebUI, I can see the following events:
Code:
--------------------

12:30:46 Special privileges assigned to new logon. (Operating System:Microsoft Active Directory and Windows)
2013-11-18 User Session Events > Modify > Success
Message: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: DC1$ Account Domain: SHARF Logon ID: 0xce33f Privileges: SeSecurityPrivilege SeBa ...

12:30:02 The Windows Filtering Platform has permitted a bind to a local port.(Operating System:Microsoft Active Directory and Windows)
2013-11-18 Peer Association Management > Create > Success
Message: The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 840 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe ...
--------------------


I can see the above events in Sentinel WebUI, when using the 2011.1r4 (http://tinyurl.com/lbblymd)

Regards,
Sharfuddin

