We can setup custom alerts for Event ID in thresholds. The problem is that when setting up the alert, the level has to match what is in the windows log. For example if we setup an alert for the Event ID 4672 for a user being granted admin rights. In the event viewer the level is "informational" so we have to setup the alert in the threshold as informational to match. It would be great if we could assign the Atera alert to Warning instead of informational. That would let us have that red flag warning that they may be compromised, instead of the alert getting missed in the "informational" alerts.