Enable Windows advanced audit subcategories required by IBM QRadar WinCollect's NSA filter — locale-independent (uses GUIDs), idempotent, with backup/rollback. CMD + PowerShell.
security powershell cmd siem event-logs qradar windows-security wincollect ibm-qradar auditpol windows-audit nsa-filter
Updated May 30, 2026 - PowerShell