Skip to main content
Skip table of contents

EVID 4675 : SIDs Were Filtered

Event Details

Event TypeSIDs Were Filtered
Event Description4675(S) : SIDs Were Filtered.
Event ID4675
Vendor Documentationhttps://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4675

Log Fields and Parsing

This section details the log fields available in this log message type, along with values parsed for both LogRhythm Default and LogRhythm Default v2.0 policies. A value of "N/A" (not applicable) means that there is no value parsed for a specified log field.

Log FieldLogRhythm DefaultLogRhythm Default v2.0
Provider<vendorinfo>N/A
EventID<vmid><vmid>
Version<version>N/A
Level<severity><severity>
Task<process><vendorinfo>
OpcodeN/AN/A
Keywords<result>, <tag1><result>
TimeCreatedN/AN/A
EventRecordIDN/AN/A
CorrelationN/AN/A
ExecutionN/AN/A
Processid<processid>N/A
CN<sname>N/A
Sessionid<session>N/A
status code<status>N/A
ChannelN/AN/A
Computer <dname><dname>
TargetUserSidN/A<domainorigin>, <login>
TargetUserNameN/AN/A
TargetDomainNameN/AN/A
TdoDirectionN/AN/A
TdoAttributesN/AN/A
TdoTypeN/AN/A
TdoSidN/AN/A
SidListN/AN/A

Log Processing Settings

This section details log processing changes made from the LogRhythm Default policy to LogRhythm Default v2.0. In some cases, base rules are broken down into sub-rules to appropriately parse log message types by their event types.

LogRhythm Default

Regex IDRule NameRule TypeCommon EventClassification
1010539Microsoft Windows Security AuditingBase RuleGroup Membership InformationInformation
Security Audit : SuccessSub RuleWindows Audit Success Event
Security Audit : FailureSub RuleWindows Audit Failure EventOther Audit Failure

LogRhythm Default v2.0

Regex IDRule NameRule TypeCommon EventClassification
1012324
V 2.0 : EVID 4675 : SIDs Were FilteredBase RuleSIDs FilteredOther Audit
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close