EventSentry
  • System32
  • Events
  • Compliance
  • Validator
  • TLS/SSL
  • PingSentry
  • GeoIP
  • Tools







Audit Category
  • Detailed Tracking (23)
Audit Subcategory
  • Plug and Play Events (7)
  • PnP Activity (7)
  • DPAPI Activity (4)
  • Process Creation (2)
  • Process Termination (1)
  • RPC Events (1)
Operating Systems
  • Windows 10 (14)
  • Windows 2016 (14)
  • Windows 2019 (14)
  • Windows 2003 (8)
  • Windows 2008 (8)
  • Windows Vista (8)
  • Windows XP (8)
  • Windows 2008 R2 (7)
  • Windows 2012 (7)
  • Windows 2012 R2 (7)
  • Windows 7 (7)
  • Windows 8 (7)
  • Windows 8.1 (7)
  • Windows Server 2000 (6)
Tags
  • Audit Success (15)
  • Audit Failure (4)
  • CMMC L3 (1)
  • ISO 27001:2013 (1)
  • NIST 800-171 (1)
  • NIST SP 800-53 (1)
Auditing
  • Always (6)
Volume
  • Low (4)
  • High (2)
  • Medium (2)
EventSentry
  • All events
ID Event Description
4688 A new process has been created
NIST 800-171, NIST SP 800-53, Audit Success, ISO 27001:2013, CMMC L3
4689 A process has exited
Audit Success
4692 Backup of data protection master key was attempted
Audit Success, Audit Failure
4693 Recovery of data protection master key was attempted
Audit Success, Audit Failure
4694 Protection of auditable protected data was attempted
Audit Success, Audit Failure
4695 Unprotection of auditable protected data was attempted
Audit Success, Audit Failure
4696 A primary token was assigned to process
Audit Success
5712 A Remote Procedure Call (RPC) was attempted.
Audit Success
6416 A new external device was recognized by the system.
Audit Success
6419 A request was made to disable a device.
Audit Success
6420 A device was disabled.
Audit Success
6421 A request was made to enable a device.
Audit Success
6422 A device was enabled.
Audit Success
6423 The installation of this device is forbidden by system policy.
Audit Success
6424 The installation of this device was allowed, after having previously been forbidden by policy.
Audit Success
592 A new process has been created
593 A process has exited
594 A handle to an object has been duplicated
595 Indirect access to an object has been obtained
596 Backup of data protection master key
600 A process was assigned a primary token
601 Attempt to install service
602 Scheduled Task created



© netikus.net ltd 2002-2023 | EventSentry | Event Log Messages | Codes | AppLocker | Privacy Policy