Detecting the Windows domain controller vulnerability? (CVE-2020-1472)

Microsoft has created new event IDs to help identify devices that use the vulnerable connection. Can this be added or an alert created for it? Source: https://support.microsoft.com/en-us/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc. Can this be added into ADAudit?

Specifically, this part:

Deploy the August 11th updates to all applicable domain controllers (DCs) in the forest, including read-only domain controllers (RODCs). After deploying this update patched DCs will:
  • Begin enforcing secure RPC usage for all Windows-based device accounts, trust accounts and all DCs.
  • Log event IDs 5827 and 5828 in the System event log, if connections are denied.
  • Log event IDs 5830 and 5831 in the System event log, if connections are allowed by "Domain controller: Allow vulnerable Netlogon secure channel connections" group policy.
  • Log event ID 5829 in the System event log whenever a vulnerable Netlogon secure channel connection is allowed. These events should be addressed before the DC enforcement mode is configured or before the enforcement phase starts on February 9, 2021.
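
An added example, not part of the original post, Microsoft's guidance or ADAudit: a Python triage of exported DC System log events that groups event IDs 5827 to 5831 by the account that triggered them, so the 5829 accounts can be addressed before enforcement. The event dict layout (`EventID`, `Computer`, `Message`), the message field labels matched by the regex and the sample events are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Event ID -> meaning, per the Microsoft text quoted in the post.
NETLOGON_EVENTS = {
    5827: "denied", 5828: "denied",
    5829: "allowed_vulnerable",
    5830: "allowed_by_policy", 5831: "allowed_by_policy",
}
# Assumed message field labels; adjust to what your DCs actually log.
ACCOUNT_RE = re.compile(r"(?:Machine SamAccountName|Trust Name):\s*(\S+)")

def triage(events):
    """Group Netlogon secure-channel events by the account that caused them.

    events: iterable of dicts with EventID, Computer (logging DC), Message.
    Returns {ACCOUNT: {"categories": set, "dcs": set, "count": int}}.
    """
    report = defaultdict(lambda: {"categories": set(), "dcs": set(), "count": 0})
    for ev in events:
        category = NETLOGON_EVENTS.get(int(ev["EventID"]))
        if category is None:
            continue  # some other System log event
        m = ACCOUNT_RE.search(ev.get("Message", ""))
        account = m.group(1).upper() if m else "<UNPARSED>"
        entry = report[account]
        entry["categories"].add(category)
        entry["dcs"].add(ev["Computer"])
        entry["count"] += 1
    return dict(report)

def accounts_in(report, category):
    """Sorted account names that produced at least one event of this category."""
    return sorted(a for a, e in report.items() if category in e["categories"])

# Constructed sample events, not real log data.
SAMPLE = [
    {"EventID": 5829, "Computer": "DC01", "Message": "Machine SamAccountName: NAS01$\nDomain: EXAMPLE"},
    {"EventID": 5829, "Computer": "DC02", "Message": "Machine SamAccountName: nas01$\nDomain: EXAMPLE"},
    {"EventID": 5830, "Computer": "DC01", "Message": "Machine SamAccountName: LEGACYAPP$"},
    {"EventID": 5827, "Computer": "DC02", "Message": "Machine SamAccountName: OLDPRN$"},
    {"EventID": 7036, "Computer": "DC01", "Message": "Unrelated service state change"},
]

if __name__ == "__main__":
    report = triage(SAMPLE)
    for category in ("allowed_vulnerable", "allowed_by_policy", "denied"):
        print(category, accounts_in(report, category))
```

Accounts listed under `allowed_vulnerable` are the 5829 sources; accounts under `allowed_by_policy` are still connecting insecurely but are exempted by the group policy.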