Samirbous/process started via seclogon

## process started via seclogon
event.code:4688 and winlog.event_data.TargetUserSid :"S-1-0-0" and not winlog.event_data.TargetUserName:*$ and
not winlog.event_data.TargetUserName:- and not winlog.event_data.TargetUserName:"defaultuser100000" and
not winlog.event_data.TargetUserName : ("LOCAL SERVICE" or "NETWORK SERVICE") and
not winlog.event_data.TargetDomainName : ("NT Service" or "Font Driver Host")
	event.code:4688 and winlog.event_data.TargetUserSid :"S-1-0-0" and not winlog.event_data.TargetUserName:*$ and
	not winlog.event_data.TargetUserName:- and not winlog.event_data.TargetUserName:"defaultuser100000" and
	not winlog.event_data.TargetUserName : ("LOCAL SERVICE" or "NETWORK SERVICE") and
	not winlog.event_data.TargetDomainName : ("NT Service" or "Font Driver Host")