How do I find a more extensive list of event parameters relative to a particular event id? (NETIQKB72759)

  • 7772759
  • 12-Jan-2011
  • 10-Feb-2011

Environment

Security Manager 5.x

Security Manager 6.x

Situation

When creating event rules in the Development console, it is sometimes necessary to have a more extensive list of parameter criteria. Knowing which parameter corresponds to which criterion allows users to create more granular collection, correlation, and filtering rules.

Resolution

To gather a more extensive list of parameters for a particular Windows event, follow these steps.


1. Go to the Development console and find or create a rule that collects the event. It must be a rule with an alert tab.


2. In the description field of the alert tab, type the following lines, adding one line for each parameter you want to see.

P1 = $Parameter 1$
P2 = $Parameter 2$
P3 = $Parameter 3$
P4 = $Parameter 4$
P5 = $Parameter 5$

3. Click OK to save the rule.

4. Force configuration changes so the new rule gets pushed out.


5. Once the alert comes in, the parameters above will be populated in the description field.

Note:  Once you get your list of parameters documented, put the rule back to its original configuration so as not to cause a lot of overhead in your SM configuration.
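
The following Python helper is an added example, not part of the original article or of Security Manager: it generates the description-field lines from step 2 for any number of parameters and turns the populated description from step 5 into a documented parameter list. The function names and the sample alert text are constructed, and it assumes an unpopulated parameter shows up either empty or as the unreplaced $Parameter N$ token.

```python
import re

def build_template(count):
    """Return the description-field text from step 2 for parameters 1..count."""
    if count < 1:
        raise ValueError("count must be at least 1")
    return "\n".join(f"P{n} = $Parameter {n}$" for n in range(1, count + 1))

_LINE = re.compile(r"^P(\d+) = ?(.*)$")
_PLACEHOLDER = re.compile(r"^\$Parameter \d+\$$")

def parse_description(text):
    """Map parameter number -> value from a populated alert description.

    Lines that do not start a new 'Pn =' entry are treated as a
    continuation of the previous value (multi-line event strings).
    """
    params = {}
    current = None
    for line in text.splitlines():
        match = _LINE.match(line)
        if match:
            current = int(match.group(1))
            params[current] = match.group(2).strip()
        elif current is not None and line.strip():
            params[current] += "\n" + line.strip()
    return params

def populated(params):
    """Keep only parameters that carry a value (assumption: an unused
    parameter is empty or still shows the literal $Parameter N$ token)."""
    return {n: v for n, v in params.items()
            if v and not _PLACEHOLDER.match(v)}

# Constructed sample of a populated description field (not real alert data).
SAMPLE_ALERT = """P1 = S-1-5-18
P2 = HOST01$
P3 = EXAMPLE
P4 = 0x3e7
P5 =
P6 = $Parameter 6$"""

if __name__ == "__main__":
    print(build_template(6))
    for number, value in sorted(populated(parse_description(SAMPLE_ALERT)).items()):
        print(f"Parameter {number}: {value}")
```
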

Additional Information

Formerly known as NETIQKB72759