Hi All,
We're seeing excessive 4673 events which appear to be linked to the Chromium issue causing failures against SeProfileSingleProcessPrivilege; this appears to be well known by Microsoft.
Ideally we would like to exclude these specific events from being ingested by the Elastic Agent; specifically:
event.code: 4673
winlog.event_data.PrivilegeList: SeProfileSingleProcessPrivilege
event.outcome: failure
Has anyone else done this, or can anyone suggest the best approach?
Thanks
J