We have an Audit system called Varonis to capture event changes on all our DC's. We have just discovered (or have been told actually) that IDM doesn't pass all events being completed against an AD domain to the Security Event Logs on the DC. The events occur fine ie changes happen as expected however, the vendor of this Varonis system says they are unable to see these events in the Logs thus it cannot track them. Question is, how are events from the AD Driver passed to the DC's security Logs?

any Help would be great... Thx