We are working to refine the use of OSSEC for our monitoring of
security events on our systems and noticed something in the OSSEC
alerting that I have questions about.  In the security event log of
the server, the information is displayed as follows (where xxxxxxxxx
\yyyyyy is the domain\userid of the user):

Security Enabled Local Group Member Removed:
        Member Name:    -
        Member ID:      xxxxxxxxx\yyyyyy
        Target Account Name:    Administrators
        Target Domain:  Builtin
        Target Account ID:      BUILTIN\Administrators
        Caller User Name:       DDSWxxxxx$
        Caller Domain:  MxxxxxxxxN
        Caller Logon ID:        (0x0,0x3E7)
        Privileges:     -

OSSEC displays that same event as:

Security Enabled Local Group Member Removed
               Member Name: -
               Member ID: %{S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-1122}
               Target Account Name:                  Administrators
               Target Domain: Builtin
               Target Account ID: %{S-1-5-xx-xxx}
               Caller User Name: DDSWxxxxx$
               Caller Domain: MxxxxxxxxN
               Caller Logon ID: (0x0,0x3E7)
               Privileges: -

Can we get OSSEC to display the "Member ID: xxxxxxxxx\yyyyyy" instead
of "Member ID: %{S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-1122}"?
Not having the domain\userid quickly visible to us delays our response
to security incidents.

Thanks in advance.
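One way to get the domain\userid back into view on the OSSEC side is to post-process the alert text and replace each unresolved `%{S-...}` placeholder from a SID-to-name table. The following is an added example (not OSSEC's own code, and not from the poster); the SID values, the host and domain names, and the lookup tables are constructed for illustration, and in practice the domain table would be exported from the directory rather than hard-coded.

```python
import re

# Well-known SIDs are fixed on every Windows host; S-1-5-32-544 is the
# BUILTIN\Administrators group that appears as "Target Account ID" above.
WELL_KNOWN_SIDS = {
    "S-1-5-32-544": r"BUILTIN\Administrators",
    "S-1-5-32-545": r"BUILTIN\Users",
    "S-1-5-18": r"NT AUTHORITY\SYSTEM",
}

# Constructed domain SID -> domain\userid table (assumption: filled from a
# directory export in a real deployment; the RID 1122 mirrors the alert above).
DOMAIN_SIDS = {
    "S-1-5-21-1111111111-2222222222-3333333333-1122": r"EXAMPLEDOM\jdoe",
}

# Constructed copy of the OSSEC-rendered event, with placeholder SIDs.
SAMPLE_ALERT = """Security Enabled Local Group Member Removed
               Member Name: -
               Member ID: %{S-1-5-21-1111111111-2222222222-3333333333-1122}
               Target Account Name: Administrators
               Target Domain: Builtin
               Target Account ID: %{S-1-5-32-544}
               Caller User Name: HOST01$
               Caller Domain: EXAMPLEDOM
               Caller Logon ID: (0x0,0x3E7)
               Privileges: -"""

SID_PLACEHOLDER = re.compile(r"%\{(S-1-5-[0-9-]+)\}")


def resolve_sids(alert_text, domain_sids):
    """Replace each %{S-...} token with a known name; keep and report unknown SIDs."""
    unresolved = []

    def _sub(match):
        sid = match.group(1)
        name = WELL_KNOWN_SIDS.get(sid) or domain_sids.get(sid)
        if name is None:
            unresolved.append(sid)      # leave the raw SID visible rather than hide it
            return match.group(0)
        return name

    return SID_PLACEHOLDER.sub(_sub, alert_text), unresolved


def parse_event_fields(alert_text):
    """Turn the indented 'Field: value' lines (after the title line) into a dict."""
    fields = {}
    for line in alert_text.splitlines()[1:]:
        key, sep, value = line.partition(":")   # split on the first colon only
        if sep:
            fields[key.strip()] = value.strip()
    return fields
```

On the Windows side, a SID-to-name table can be produced with the .NET `System.Security.Principal.SecurityIdentifier` class and its `Translate()` method from PowerShell; any SID left in `unresolved` is a sign the table is stale.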
