ID |
Event Description |
1102
|
The audit log was cleared
CJIS, ISO 27001:2013, PCI-DSS
|
4611
|
A trusted logon process has been registered with the Local Security Authority
Audit Success
|
4616
|
The system time was changed
Audit Success
|
4624
|
An account was successfully logged on
CJIS, Audit Success, ISO 27001:2013, HIPAA, NIST SP 800-53, CMMC L1, NIST 800-171
|
4625
|
An account failed to log on
Audit Failure, CJIS, ISO 27001:2013, PCI-DSS, HIPAA, NIST SP 800-53, NIST 800-171, CMMC L1
|
4626
|
User / Device claims information
Audit Success
|
4627
|
Group membership information
Audit Success
|
4648
|
A logon was attempted using explicit credentials
Audit Success
|
4649
|
A replay attack was detected
Domain Controller, Audit Success, Audit Failure, PCI-DSS, HIPAA, CJIS, ISO 27001:2013
|
4656
|
A handle to an object was requested
Audit Failure, Audit Success, CJIS
|
4657
|
A registry value was modified
Audit Success
|
4658
|
The handle to an object was closed
Audit Success
|
4659
|
A handle to an object was requested with intent to delete
|
4660
|
An object was deleted
Audit Success
|
4661
|
A handle to an object was requested
Domain Controller, Audit Success, Audit Failure
|
4662
|
An operation was performed on an object
Domain Controller, Audit Success, Audit Failure
|
4663
|
An attempt was made to access an object
Audit Success, CJIS
|
4664
|
An attempt was made to create a hard link
Audit Success
|
4670
|
Permissions on an object were changed
Audit Success
|
4672
|
Special privileges assigned to new logon
Audit Success
|
4673
|
A privileged service was called
Audit Success
|
4674
|
An operation was attempted on a privileged object
Audit Failure, Audit Success
|
4688
|
A new process has been created
NIST 800-171, NIST SP 800-53, Audit Success, ISO 27001:2013, CMMC L3
|
4689
|
A process has exited
Audit Success
|
4690
|
An attempt was made to duplicate a handle to an object
Audit Success
|
4692
|
Backup of data protection master key was attempted
Audit Success, Audit Failure
|
4693
|
Recovery of data protection master key was attempted
Audit Success, Audit Failure
|
4696
|
A primary token was assigned to process
Audit Success
|
4697
|
A service was installed in the system
Audit Success
|
4698
|
A scheduled task was created
Audit Success, PCI-DSS
|
4699
|
A scheduled task was deleted
Audit Success, PCI-DSS
|
4700
|
A scheduled task was enabled
Audit Success
|
4701
|
A scheduled task was disabled
Audit Success
|
4702
|
A scheduled task was updated
Audit Success, PCI-DSS
|
4703
|
A token right was adjusted
Audit Success
|
4704
|
A user right was assigned
ISO 27001:2013, NIST 800-171, NIST SP 800-53, Audit Success, CMMC L1, CMMC L3
|
4713
|
Kerberos policy was changed
Domain Controller, Audit Success
|
4717
|
System security access was granted to an account
ISO 27001:2013, NIST 800-171, NIST SP 800-53, Audit Success, CMMC L3
|
4718
|
System security access was removed from an account
ISO 27001:2013, NIST 800-171, NIST SP 800-53, CMMC L3
|
4719
|
System audit policy was changed
Audit Success
|
4720
|
A user account was created
ISO 27001:2013, NIST SP 800-53, Audit Success, PCI-DSS, NIST 800-171, CMMC L1
|
4722
|
A user account was enabled
ISO 27001:2013, NIST SP 800-53, NIST 800-171, Audit Success, PCI-DSS, CMMC L1
|
4723
|
An attempt was made to change an account's password
Audit Success, Audit Failure, CJIS
|
4724
|
An attempt was made to reset an account's password
Audit Failure, Audit Success, CJIS, ISO 27001:2013
|
4725
|
A user account was disabled
ISO 27001:2013, NIST 800-171, NIST SP 800-53, Audit Success, PCI-DSS, CMMC L1
|
4726
|
A user account was deleted
ISO 27001:2013, NIST 800-171, NIST SP 800-53, Audit Success, PCI-DSS, CMMC L1
|
4727
|
A security-enabled global group was created
Domain Controller
|
4728
|
A member was added to a security-enabled global group
Domain Controller, ISO 27001:2013, NIST 800-171, NIST SP 800-53, CMMC L1
|
4729
|
A member was removed from a security-enabled global group
Domain Controller
|
4730
|
A security-enabled global group was deleted
Domain Controller
|
4731
|
A security-enabled local group was created
Audit Success
|
4732
|
A member was added to a security-enabled local group
ISO 27001:2013, NIST 800-171, NIST SP 800-53, Audit Success, CMMC L1
|
4733
|
A member was removed from a security-enabled local group
Audit Success
|
4734
|
A security-enabled local group was deleted
Audit Success
|
4735
|
A security-enabled local group was changed
Audit Success
|
4737
|
A security-enabled global group was changed
Domain Controller
|
4738
|
A user account was changed
ISO 27001:2013, NIST 800-171, NIST SP 800-53, Audit Success, CMMC L1
|
4739
|
Domain Policy was changed
Domain Controller, NIST 800-171, NIST SP 800-53, ISO 27001:2013, Audit Success, CMMC L3
|
4740
|
A user account was locked out
ISO 27001:2013, NIST 800-171, NIST SP 800-53, Audit Success, CMMC L3
|
4741
|
A computer account was created
Domain Controller, Audit Success
|
4742
|
A computer account was changed
Domain Controller, Audit Success
|
4743
|
A computer account was deleted
Domain Controller, Audit Success
|
4744
|
A security-disabled local group was created
|
4745
|
A security-disabled local group was changed
|
4746
|
A member was added to a security-disabled local group
|
4747
|
A member was removed from a security-disabled local group
|
4748
|
A security-disabled local group was deleted
|
4749
|
A security-disabled global group was created
Domain Controller, Audit Success
|
4750
|
A security-disabled global group was changed
Domain Controller, Audit Success
|
4751
|
A member was added to a security-disabled global group
Domain Controller, Audit Success
|
4753
|
A security-disabled global group was deleted
Domain Controller, Audit Success
|
4754
|
A security-enabled universal group was created
Domain Controller
|
4755
|
A security-enabled universal group was changed
Domain Controller
|
4756
|
A member was added to a security-enabled universal group
Domain Controller, ISO 27001:2013
|
4757
|
A member was removed from a security-enabled universal group
Domain Controller
|
4758
|
A security-enabled universal group was deleted
Domain Controller
|
4759
|
A security-disabled universal group was created
Domain Controller
|
4760
|
A security-disabled universal group was changed
Domain Controller
|
4761
|
A member was added to a security-disabled universal group
Domain Controller
|
4762
|
A member was removed from a security-disabled universal group
Domain Controller
|
4763
|
A security-disabled universal group was deleted
Domain Controller
|
4764
|
A group’s type was changed
Domain Controller, Audit Success
|
4767
|
A user account was unlocked
ISO 27001:2013, Audit Success
|
4781
|
The name of an account was changed
Audit Success
|
4782
|
The password hash an account was accessed
Domain Controller, Audit Success
|
4793
|
The Password Policy Checking API was called
Domain Controller, Audit Success
|
4794
|
An attempt was made to set the Directory Services Restore Mode administrator password
Domain Controller, Audit Success, Audit Failure
|
4797
|
An attempt was made to query the existence of a blank password for an account
|
4798
|
A user's local group membership was enumerated
Audit Success
|
4799
|
A security-enabled local group membership was enumerated
Audit Success
|
4819
|
Central Access Policies on the machine have been changed
Audit Success
|
4826
|
Boot Configuration Data loaded
Audit Success
|
4904
|
An attempt was made to register a security event source
Audit Success
|
4905
|
An attempt was made to unregister a security event source
Audit Success
|
4912
|
Per User Audit Policy was changed
Audit Success
|
4985
|
The state of a transaction has changed
Audit Success
|
5136
|
A directory service object was modified
Domain Controller, Audit Success
|
5137
|
A directory service object was created
Domain Controller, Audit Success
|
5140
|
A network share object was accessed
Audit Success, Audit Failure
|
5142
|
A network share object was added
Audit Success
|
5143
|
A network share object was modified
Audit Success
|
5144
|
A network share object was deleted
Audit Success
|
6416
|
A new external device was recognized by the system.
Audit Success
|