After checking, it was found that Vision One does not have a built-in feature to capture Windows Event logs, including the Event ID 8022. However, our colleague Hai Nguyen provided a workaround as the customer uses Workload Security (WS), and this ability is inherent in WS. Therefore, the user needs to configure WS to capture the event and then configure it to send an alert to Vision One for monitoring and analysis.