Key Security Events for ISO 27001:2013 Compliance

Account Logon
Credential Validation
The computer attempted to validate the credentials for an account
Kerberos Authentication Service
This event generates every time Key Distribution Center issues a Kerberos Ticket Granting Ticket (TGT).
Kerberos pre-authentication failed
Kerberos Service Ticket Operations
A Kerberos service ticket was requested
Account Management
Security Group Management
A member was added to a security-enabled global group
A member was added to a security-enabled local group
A member was added to a security-enabled universal group
User Account Management
A user account was created
A user account was enabled
An attempt was made to reset an account's password
A user account was disabled
A user account was deleted
A user account was changed
A user account was locked out
A user account was unlocked
Detailed Tracking
Process Creation
A new process has been created
Logon/Logoff
Logon
An account was successfully logged on
Logon, Account Lockout
An account failed to log on
Other Logon/Logoff Events
A replay attack was detected
The workstation was locked
The workstation was unlocked
The screen saver was invoked
The screen saver was dismissed
Non Audit (Event Log)
Other Events (Log Clear)
The audit log was cleared
Policy Change
Authentication Policy Change
System security access was granted to an account
System security access was removed from an account
Domain Policy was changed
Authorization Policy Change
A user right was assigned
A user right was removed

Don't miss these events

Check your audit settings now

Validator





Audit Policy Requirements


Category Subcategory Audit Type
Policy Change Authentication Policy Change Success
Policy Change Authorization Policy Change Success
Account Logon Credential Validation Success, Failure
Account Logon Kerberos Authentication Service Failure
Account Logon Kerberos Service Ticket Operations Success, Failure
Logon/Logoff Logon Success
Logon/Logoff Logon, Account Lockout Failure
Logon/Logoff Other Logon/Logoff Events Success
Detailed Tracking Process Creation Success
Account Management Security Group Management Success
Account Management User Account Management Success