System32
Events
Compliance
Validator
TLS/SSL
PingSentry
GeoIP
Tools
Audit Category
Object Access
(7)
Account Logon
(2)
Logon/Logoff
(2)
DS Access
(1)
Audit Subcategory
Filtering Platform Connection
(2)
Filtering Platform Packet Drop
(2)
Kerberos Service Ticket Operations
(2)
Other Logon/Logoff Events
(2)
Central Access Policy Staging
(1)
Directory Service Access
(1)
File System
(1)
Handle Manipulation
(1)
Kernel Object
(1)
Registry
(1)
SAM
(1)
Operating Systems
Windows 2012
(12)
Windows 2012 R2
(12)
Windows 2016
(12)
Windows 2019
(12)
Windows 2008
(11)
Windows 2008 R2
(11)
Windows 10
(10)
Windows 8
(10)
Windows 8.1
(10)
Windows 7
(9)
Windows Vista
(9)
Tags
Audit Success
(11)
Audit Failure
(3)
Domain Controller
(3)
ISO 27001:2013
(3)
NIST 800-171
(3)
NIST SP 800-53
(3)
CMMC L3
(2)
CJIS
(1)
CMMC L1
(1)
HIPAA
(1)
Auditing
Rarely
(12)
Volume
High
(7)
Very high
(6)
Medium
(4)
Low
(2)
EventSentry
All events
ID
Event Description
4660
An object was deleted
Audit Success
4661
A handle to an object was requested
Domain Controller, Audit Success, Audit Failure
4690
An attempt was made to duplicate a handle to an object
Audit Success
4769
A Kerberos service ticket was requested
Domain Controller, Audit Success, Audit Failure, CJIS, ISO 27001:2013, HIPAA, NIST 800-171, NIST SP 800-53, CMMC L1
4770
A Kerberos service ticket was renewed
Domain Controller, Audit Success
4802
The screen saver was invoked
ISO 27001:2013, Audit Success, NIST 800-171, NIST SP 800-53, CMMC L3
4803
The screen saver was dismissed
ISO 27001:2013, Audit Success, NIST 800-171, NIST SP 800-53, CMMC L3
4818
Proposed Central Access Policy does not grant the same access permissions as the current Central Access Policy
Audit Success
5152
The Windows Filtering Platform has blocked a packet.
Audit Failure
5153
A more restrictive Windows Filtering Platform filter has blocked a packet.
Audit Success
5156
The Windows Filtering Platform has allowed a connection.
Audit Success
5158
The Windows Filtering Platform has permitted a bind to a local port.
Audit Success