...
From an admin CMD prompt run “net stop snare”
Edit the values in HKLM\Software\Intersect Alliance\AuditService\Status of the relevant windows event log, typically the Application/System and Security event logs, but custom event logs can also be reset if required using the same method.
Reset the Recordid to 1 as per the images
repeat for each of the event logs that you want to resend the logs from
once complete then start the snare agent again from the admin CMD prompt “net start snare”
The agent will then start to reprocess all the old events.
...