We have configured ntevl probe in our environment for capturing the event ID (Example) 4732 and 4733 which gets generated when one or more user being added\deleted into\from the Admin group.
Ntevl probe is capturing the information from the details tab and not from the general tab. This is causing problem because in details tab we don't see required information and the information mentioned in the Security ID been changed from english alphabets to numeric value. Besides, the mail purpose of using this event id is to capture below three entries.
1) Who is adding\deleting user (Wintel Admin)
2) User ID which has been added\deleted
3) Group name in which the ID has been added\deleted
Now, in details tab we don't have number 2 information in (Security ID) readable format and we don't know which user id has been added or deleted. This information is important to capture otherwise no use to enable this kind of monitoring.
I have raised case with CA Support and they suggested me to raise request for enhancement. Therefore i am posting this idea here and would appreciate if someone can look into this request and work upon the enhancement.
Thanks & Regards,