Skip to main content
Skip table of contents

V 2.0 : EVID 4675 : SIDs Were Filtered

Vendor Documentation


Rule Name

Rule Type

Common Event


V 2.0 : EVID 4675 : SIDs Were FilteredBase Rule SIDs FilteredOther Audit 

Mapping with LogRhythm Schema 

Device Key in Log Message

LogRhythm Schema

Data Type

Schema Description

ProviderN/AN/AIdentifies the provider that logged the event. The Name and GUID attributes are included if the provider used an instrumentation manifest to define its events. The EventSourceName attribute is included if a legacy event provider (using the Event Logging API) logged the event.
EventID<vmid>NumberThe identifier that the provider used to identify the event.
Version N/AN/AThe version number of the event's definition.
Level<severity>Text/StringThe severity level defined in the event.
Task<vendorinfo>Text/StringThe task defined in the event. The Task and Opcode are typically used to identify the location in the application from where the event was logged.
OpcodeN/A N/AThe opcode defined in the event. The Task and Opcode are typically used to identify the location in the application from where the event was logged.
Keywords<result>Text/StringA bitmask of the keywords defined in the event. Keywords are used to classify types of events (for example, events associated with reading data).
TimeCreatedN/A N/AThe time stamp that identifies when the event was logged. The time stamp will include either the SystemTime attribute or the RawTime attribute.
EventRecordIDN/A N/AThe record number assigned to the event when it was logged.
CorrelationN/A N/AThe activity identifiers that consumers can use to group related events together.
ExecutionN/A N/AContains information about the process and thread that logged the event.
ChannelN/A N/AThe channel to which the event was logged.
Computer<dname>Text/StringThe name of the computer on which the event occurred.



Text/StringSID of target account.
TargetUserNameN/AN/AThe name of the target account.
TargetDomainNameN/AN/AThe target's domain or computer name. Formats vary, and include the following:
  • Domain NETBIOS name. For example: CONTOSO
  • Lowercase full domain name: contoso.local
  • Uppercase full domain name: CONTOSO.LOCAL
  • For some well-known security principals, such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”.
  • For local user accounts, this field will contain the name of the computer or device to which this account belongs
TdoDirectionN/AN/AThe direction of new trust.
TdoAttributesN/AN/AThe decimal value of attributes for new trust.
TdoTypeN/AN/AThe type of new trust.
SidListN/AN/AContains current list of SIDs (groups or accounts) which are members of Special Groups.
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.