EventSentry
  • System32
  • Events
  • Compliance
  • Validator
  • TLS/SSL
  • Codes
  • GeoIP
  • Tools







Audit Category
  • Object Access (7)
  • Logon/Logoff (3)
  • Policy Change (3)
  • Privilege Use (2)
  • DS Access (1)
  • Detailed Tracking (1)
  • System (1)
Audit Subcategory
  • File System (6)
  • Registry (6)
  • Kernel Object (4)
  • Logon (3)
  • Removable Storage (3)
  • Audit Policy Change (2)
  • Authorization Policy Change (2)
  • Sensitive Privilege Use (2)
  • Account Lockout (1)
  • Authentication Policy Change (1)
  • Directory Service Access (1)
  • Handle Manipulation (1)
  • Non Sensitive Privilege Use (1)
  • Process Termination (1)
  • SAM (1)
  • Security State Change (1)
Operating Systems
  • Windows 10 (18)
  • Windows 2016 (18)
  • Windows 2019 (18)
  • Windows 2008 (17)
  • Windows 2008 R2 (17)
  • Windows 2012 (17)
  • Windows 2012 R2 (17)
  • Windows 7 (17)
  • Windows 8 (17)
  • Windows 8.1 (17)
  • Windows Vista (17)
Tags
  • Audit Success (17)
  • Audit Failure (4)
  • CJIS (4)
  • CMMC L1 (2)
  • HIPAA (2)
  • ISO 27001:2013 (2)
  • NIST 800-171 (2)
  • NIST SP 800-53 (2)
  • Domain Controller (1)
  • PCI-DSS (1)
Auditing
  • Always (5)
  • Conditional (4)
  • Rarely (1)
Volume
  • High (5)
  • Medium (5)
  • Low (4)
  • Very high (4)
EventSentry
  • All events
ID Event Description
4616 The system time was changed
Audit Success
4624 An account was successfully logged on
CJIS, Audit Success, ISO 27001:2013, HIPAA, NIST SP 800-53, CMMC L1, NIST 800-171
4625 An account failed to log on
Audit Failure, CJIS, ISO 27001:2013, PCI-DSS, HIPAA, NIST SP 800-53, NIST 800-171, CMMC L1
4648 A logon was attempted using explicit credentials
Audit Success
4656 A handle to an object was requested
Audit Failure, Audit Success, CJIS
4657 A registry value was modified
Audit Success
4658 The handle to an object was closed
Audit Success
4660 An object was deleted
Audit Success
4661 A handle to an object was requested
Domain Controller, Audit Success, Audit Failure
4663 An attempt was made to access an object
Audit Success, CJIS
4670 Permissions on an object were changed
Audit Success
4673 A privileged service was called
Audit Success
4674 An operation was attempted on a privileged object
Audit Failure, Audit Success
4689 A process has exited
Audit Success
4703 A token right was adjusted
Audit Success
4904 An attempt was made to register a security event source
Audit Success
4905 An attempt was made to unregister a security event source
Audit Success
4985 The state of a transaction has changed
Audit Success



© netikus.net ltd 2002-2022 | EventSentry | Event Log Messages | Privacy Policy