Excessive 4673 events due to chromium

Hi All,

We're seeing excessive 4673 events which appear to be linked to the chromium issue causing failures against SeProfileSingleProcessPrivilege; this appears to be well know by Microsoft.

Ideally we would like to exclude these specific events from being ingested by the ElasticAgent; specifically:
event.code: 4673
winlog.event_data.PrivilegeList: SeProfileSingleProcessPrivilege
event.outcome: failure

Has anyone else done this, or can anyone suggest the best approach?


This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.