Cyb3rSn0rlax

Hi @Cyb3rPandaH Thanks for your time, I actually thought of that but the documentation of the event threw me off [here](https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4611) > At the technical level, the event does not...

@Cyb3rPandaH I didn't see initially that EID 4611 is part of Logon Session Metadata yaml file. Sorry my bad. You can delete the trusted logon process

Addinf IP called an RPC method via Zeek or EID 5712 ```yaml relationship_id: REL-2022-0188 name: IP called RPC Method contributors: - Hamza OUADIÂ @Cyb3rSn0rlax attack: data_source: Network Traffic data_component: network...

Hello @nsano-rururu and thank you for your response. I didn't follow this error any further I dropped the docker version and used the repo version by @ServerCentral