utils: Add a describing link for not mapping case of capability SIDs

Signed-off-by: Hiroshi Hatake <[email protected]>
fluent-plugins-nursery · Aug 19, 2024 · f09c877 · f09c877
1 parent 2fae082
commit f09c877
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/ext/winevt/winevt_utils.cpp b/ext/winevt/winevt_utils.cpp
@@ -888,7 +888,8 @@ render_system_event(EVT_HANDLE hEvent, BOOL preserve_qualifiers, BOOL preserveSI
       }
       /* S-1-15-3- is used for capability SIDs. So, we need to skip
        * SID translation.
-       * See also: https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/understand-security-identifiers
+       * ref: https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/understand-security-identifiers
+       * See also: https://learn.microsoft.com/en-us/troubleshoot/windows-server/windows-security/sids-not-resolve-into-friendly-names
        */
       if (strnicmp(pwsSid, "S-1-15-3-", 9) != 0) {
         if (ExpandSIDWString(pRenderedValues[EvtSystemUserID].SidVal,