EventSentry
  • System32
  • Events
  • Compliance
  • Validator
  • TLS/SSL
  • PingSentry
  • GeoIP
  • Tools







Audit Category
  • Object Access (7)
  • Account Logon (2)
  • Logon/Logoff (2)
  • DS Access (1)
Audit Subcategory
  • Filtering Platform Connection (2)
  • Filtering Platform Packet Drop (2)
  • Kerberos Service Ticket Operations (2)
  • Other Logon/Logoff Events (2)
  • Central Access Policy Staging (1)
  • Directory Service Access (1)
  • File System (1)
  • Handle Manipulation (1)
  • Kernel Object (1)
  • Registry (1)
  • SAM (1)
Operating Systems
  • Windows 2012 (12)
  • Windows 2012 R2 (12)
  • Windows 2016 (12)
  • Windows 2019 (12)
  • Windows 2008 (11)
  • Windows 2008 R2 (11)
  • Windows 10 (10)
  • Windows 8 (10)
  • Windows 8.1 (10)
  • Windows 7 (9)
  • Windows Vista (9)
Tags
  • Audit Success (11)
  • Audit Failure (3)
  • Domain Controller (3)
  • ISO 27001:2013 (3)
  • NIST 800-171 (3)
  • NIST SP 800-53 (3)
  • CMMC L3 (2)
  • CJIS (1)
  • CMMC L1 (1)
  • HIPAA (1)
Auditing
  • Rarely (12)
Volume
  • High (7)
  • Very high (6)
  • Medium (4)
  • Low (2)
EventSentry
  • All events
ID Event Description
4660 An object was deleted
Audit Success
4661 A handle to an object was requested
Domain Controller, Audit Success, Audit Failure
4690 An attempt was made to duplicate a handle to an object
Audit Success
4769 A Kerberos service ticket was requested
Domain Controller, Audit Success, Audit Failure, CJIS, ISO 27001:2013, HIPAA, NIST 800-171, NIST SP 800-53, CMMC L1
4770 A Kerberos service ticket was renewed
Domain Controller, Audit Success
4802 The screen saver was invoked
ISO 27001:2013, Audit Success, NIST 800-171, NIST SP 800-53, CMMC L3
4803 The screen saver was dismissed
ISO 27001:2013, Audit Success, NIST 800-171, NIST SP 800-53, CMMC L3
4818 Proposed Central Access Policy does not grant the same access permissions as the current Central Access Policy
Audit Success
5152 The Windows Filtering Platform has blocked a packet.
Audit Failure
5153 A more restrictive Windows Filtering Platform filter has blocked a packet.
Audit Success
5156 The Windows Filtering Platform has allowed a connection.
Audit Success
5158 The Windows Filtering Platform has permitted a bind to a local port.
Audit Success



© netikus.net ltd 2002-2023 | EventSentry | Event Log Messages | Codes | AppLocker | Privacy Policy