ID |
Event Description |
4618
|
A monitored security event pattern has occurred.
Audit Success
|
4624
|
An account was successfully logged on
CJIS, Audit Success, ISO 27001:2013, HIPAA, NIST SP 800-53, CMMC L1, NIST 800-171
|
4625
|
An account failed to log on
Audit Failure, CJIS, ISO 27001:2013, PCI-DSS, HIPAA, NIST SP 800-53, NIST 800-171, CMMC L1
|
4626
|
User / Device claims information
Audit Success
|
4627
|
Group membership information
Audit Success
|
4634
|
An account was logged off
Audit Success
|
4647
|
User initiated logoff
Audit Success
|
4648
|
A logon was attempted using explicit credentials
Audit Success
|
4649
|
A replay attack was detected
Domain Controller, Audit Success, Audit Failure, PCI-DSS, HIPAA, CJIS, ISO 27001:2013
|
4688
|
A new process has been created
NIST 800-171, NIST SP 800-53, Audit Success, ISO 27001:2013, CMMC L3
|
4696
|
A primary token was assigned to process
Audit Success
|
4703
|
A token right was adjusted
Audit Success
|
4720
|
A user account was created
ISO 27001:2013, NIST SP 800-53, Audit Success, PCI-DSS, NIST 800-171, CMMC L1
|
4722
|
A user account was enabled
ISO 27001:2013, NIST SP 800-53, NIST 800-171, Audit Success, PCI-DSS, CMMC L1
|
4723
|
An attempt was made to change an account's password
Audit Success, Audit Failure, CJIS
|
4724
|
An attempt was made to reset an account's password
Audit Failure, Audit Success, CJIS, ISO 27001:2013
|
4725
|
A user account was disabled
ISO 27001:2013, NIST 800-171, NIST SP 800-53, Audit Success, PCI-DSS, CMMC L1
|
4726
|
A user account was deleted
ISO 27001:2013, NIST 800-171, NIST SP 800-53, Audit Success, PCI-DSS, CMMC L1
|
4727
|
A security-enabled global group was created
Domain Controller
|
4728
|
A member was added to a security-enabled global group
Domain Controller, ISO 27001:2013, NIST 800-171, NIST SP 800-53, CMMC L1
|
4729
|
A member was removed from a security-enabled global group
Domain Controller
|
4730
|
A security-enabled global group was deleted
Domain Controller
|
4731
|
A security-enabled local group was created
Audit Success
|
4732
|
A member was added to a security-enabled local group
ISO 27001:2013, NIST 800-171, NIST SP 800-53, Audit Success, CMMC L1
|
4733
|
A member was removed from a security-enabled local group
Audit Success
|
4734
|
A security-enabled local group was deleted
Audit Success
|
4735
|
A security-enabled local group was changed
Audit Success
|
4737
|
A security-enabled global group was changed
Domain Controller
|
4738
|
A user account was changed
ISO 27001:2013, NIST 800-171, NIST SP 800-53, Audit Success, CMMC L1
|
4740
|
A user account was locked out
ISO 27001:2013, NIST 800-171, NIST SP 800-53, Audit Success, CMMC L3
|
4741
|
A computer account was created
Domain Controller, Audit Success
|
4742
|
A computer account was changed
Domain Controller, Audit Success
|
4743
|
A computer account was deleted
Domain Controller, Audit Success
|
4744
|
A security-disabled local group was created
|
4745
|
A security-disabled local group was changed
|
4746
|
A member was added to a security-disabled local group
|
4747
|
A member was removed from a security-disabled local group
|
4748
|
A security-disabled local group was deleted
|
4749
|
A security-disabled global group was created
Domain Controller, Audit Success
|
4750
|
A security-disabled global group was changed
Domain Controller, Audit Success
|
4751
|
A member was added to a security-disabled global group
Domain Controller, Audit Success
|
4752
|
A member was removed from a security-disabled global group
Domain Controller, Audit Success
|
4753
|
A security-disabled global group was deleted
Domain Controller, Audit Success
|
4754
|
A security-enabled universal group was created
Domain Controller
|
4755
|
A security-enabled universal group was changed
Domain Controller
|
4756
|
A member was added to a security-enabled universal group
Domain Controller, ISO 27001:2013
|
4757
|
A member was removed from a security-enabled universal group
Domain Controller
|
4758
|
A security-enabled universal group was deleted
Domain Controller
|
4759
|
A security-disabled universal group was created
Domain Controller
|
4760
|
A security-disabled universal group was changed
Domain Controller
|
4761
|
A member was added to a security-disabled universal group
Domain Controller
|
4762
|
A member was removed from a security-disabled universal group
Domain Controller
|
4763
|
A security-disabled universal group was deleted
Domain Controller
|
4764
|
A group’s type was changed
Domain Controller, Audit Success
|
4767
|
A user account was unlocked
ISO 27001:2013, Audit Success
|
4768
|
This event generates every time Key Distribution Center issues a Kerberos Ticket Granting Ticket (TGT).
Domain Controller, Audit Success, Audit Failure, CJIS, ISO 27001:2013, PCI-DSS, NIST 800-171, NIST SP 800-53
|
4769
|
A Kerberos service ticket was requested
Domain Controller, Audit Success, Audit Failure, CJIS, ISO 27001:2013, HIPAA, NIST 800-171, NIST SP 800-53, CMMC L1
|
4770
|
A Kerberos service ticket was renewed
Domain Controller, Audit Success
|
4771
|
Kerberos pre-authentication failed
Domain Controller, Audit Failure, CJIS, ISO 27001:2013, PCI-DSS, HIPAA, NIST 800-171, NIST SP 800-53, CMMC L3
|
4776
|
The computer attempted to validate the credentials for an account
Audit Failure, Audit Success, CJIS, ISO 27001:2013, PCI-DSS, HIPAA, NIST 800-171, NIST SP 800-53, CMMC L1
|
4782
|
The password hash an account was accessed
Domain Controller, Audit Success
|
4793
|
The Password Policy Checking API was called
Domain Controller, Audit Success
|
4797
|
An attempt was made to query the existence of a blank password for an account
|
4798
|
A user's local group membership was enumerated
Audit Success
|
4799
|
A security-enabled local group membership was enumerated
Audit Success
|
4800
|
The workstation was locked
Audit Success, ISO 27001:2013, NIST 800-171, NIST SP 800-53, CMMC L3
|
4801
|
The workstation was unlocked
ISO 27001:2013, Audit Success, NIST 800-171, NIST SP 800-53, CMMC L3
|