Does anybody know how to configure MARS to interpret a specific log in Windows events? The server is already configured in MARS and the events are being stored in MARS. I want to tell MARS: "When you see an event with the text XXX, send it by email to [email protected]"
Sure, create an inspection rule using a keyword in the offset. Once you've tested it, add a notification action. The notification won't send the event though, just a link to the incident.