I am currently running a 30-day trial of LEM. I have the environment fully configured, including an agent installed on our domain controller. I have other rules set up and successfully firing email alerts for things like failed login attempts on our Cisco switches, changes to firewall policies, etc.
I would like to receive an email alert when a user is added to Domain Admins or any of the other "high privilege" accounts in AD. I found the training video that explains exactly how to do this; however, I cannot get the rule to fire, thus no email is being sent. If I go to Monitor and select the Group Changes filter, I can see the event:
However, under Rule Activity I do not see the rule that I configured.
I tried cloning the rule template per the video's instructions and also creating a rule from scratch but neither rule will fire.
Here is one of the rules, created by cloning the template:
I have saved and activated the rules.
Other rules are being triggered and firing emails for syslog events; this is the first AD-related rule I have tried.
Does anyone have a suggestion? Thank you.