| ID |
Event Description |
|
4688
|
A new process has been created
NIST 800-171, NIST SP 800-53, Audit Success, ISO 27001:2013, CMMC L3
|
|
4689
|
A process has exited
Audit Success
|
|
4692
|
Backup of data protection master key was attempted
Audit Success, Audit Failure
|
|
4693
|
Recovery of data protection master key was attempted
Audit Success, Audit Failure
|
|
4694
|
Protection of auditable protected data was attempted
Audit Success, Audit Failure
|
|
4695
|
Unprotection of auditable protected data was attempted
Audit Success, Audit Failure
|
|
4696
|
A primary token was assigned to process
Audit Success
|
|
5712
|
A Remote Procedure Call (RPC) was attempted.
Audit Success
|
|
6416
|
A new external device was recognized by the system.
Audit Success
|
|
6419
|
A request was made to disable a device.
Audit Success
|
|
6420
|
A device was disabled.
Audit Success
|
|
6421
|
A request was made to enable a device.
Audit Success
|
|
6422
|
A device was enabled.
Audit Success
|
|
6423
|
The installation of this device is forbidden by system policy.
Audit Success
|
|
6424
|
The installation of this device was allowed, after having previously been forbidden by policy.
Audit Success
|
|
592
|
A new process has been created
|
|
593
|
A process has exited
|
|
594
|
A handle to an object has been duplicated
|
|
595
|
Indirect access to an object has been obtained
|
|
596
|
Backup of data protection master key
|
|
600
|
A process was assigned a primary token
|
|
601
|
Attempt to install service
|
|
602
|
Scheduled Task created
|