Event Log Security - Windows Event Search

ID	Event Description
4660	An object was deleted Audit Success
4661	A handle to an object was requested Domain Controller, Audit Success, Audit Failure
4690	An attempt was made to duplicate a handle to an object Audit Success
4769	A Kerberos service ticket was requested Domain Controller, Audit Success, Audit Failure, CJIS, ISO 27001:2013, HIPAA, NIST 800-171, NIST SP 800-53, CMMC L1
4770	A Kerberos service ticket was renewed Domain Controller, Audit Success
4802	The screen saver was invoked ISO 27001:2013, Audit Success, NIST 800-171, NIST SP 800-53, CMMC L3
4803	The screen saver was dismissed ISO 27001:2013, Audit Success, NIST 800-171, NIST SP 800-53, CMMC L3
4818	Proposed Central Access Policy does not grant the same access permissions as the current Central Access Policy Audit Success
5152	The Windows Filtering Platform has blocked a packet. Audit Failure
5153	A more restrictive Windows Filtering Platform filter has blocked a packet. Audit Success
5156	The Windows Filtering Platform has allowed a connection. Audit Success
5157	The Windows Filtering Platform has blocked a connection. Audit Failure
5158	The Windows Filtering Platform has permitted a bind to a local port. Audit Success