Hello Mark
I don't know how to monitor running of specific command but I have idea how to help you.
sisipsconfig -r change line use.builtin.policy=false to use.builtin.policy=true in agent.ini file
So you need to create file watch rule that monitor
C:\Program Files (x86)\Symantec\Data Center Security Server\Agent\IPS\agent.ini
You can also add use.builtin.policy=false to "ignore string" in the policy or modify "select string" to monitor only this modification.
I can see that runing this command wil create the event with right username with the rule.
It also helpful as someone can edit file directly without running command.