AD FS Auditing Events Dropping from Windows Pack
The Microsoft Windows Events pack is currently dropping "SourceName=AD FS Auditing" events from the Security logs. I found the two lines that are not properly filtering the events.
- Pipeline: Windows Classic Events, "Final Cleanup" lines 27 & 28, (Serialize & Eval).
I turned it off, but still working to get the events to not drop and convert to json.
Q: Wondering if this filter is currently being updated/corrected?