| ID |
Event Description |
|
4616
|
The system time was changed
Audit Success
|
|
4624
|
An account was successfully logged on
CJIS, Audit Success, ISO 27001:2013, HIPAA, NIST SP 800-53, CMMC L1, NIST 800-171, PCI-DSS
|
|
4625
|
An account failed to log on
Audit Failure, CJIS, ISO 27001:2013, PCI-DSS, HIPAA, NIST SP 800-53, NIST 800-171, CMMC L1
|
|
4648
|
A logon was attempted using explicit credentials
Audit Success
|
|
4649
|
A replay attack was detected
Domain Controller, Audit Success, Audit Failure, PCI-DSS, HIPAA, CJIS, ISO 27001:2013
|
|
4656
|
A handle to an object was requested
Audit Failure, Audit Success, CJIS
|
|
4657
|
A registry value was modified
Audit Success
|
|
4658
|
The handle to an object was closed
Audit Success
|
|
4660
|
An object was deleted
Audit Success
|
|
4661
|
A handle to an object was requested
Domain Controller, Audit Success, Audit Failure
|
|
4663
|
An attempt was made to access an object
Audit Success, CJIS
|
|
4670
|
Permissions on an object were changed
Audit Success
|
|
4673
|
A privileged service was called
Audit Success, CMMC L2, NIST800-171, NIST800-53
|
|
4674
|
An operation was attempted on a privileged object
Audit Failure, Audit Success, CMMC L2, NIST800-171, NIST800-53
|
|
4689
|
A process has exited
Audit Success
|
|
4703
|
A token right was adjusted
Audit Success, CMMC L2, NIST800-171, NIST800-53
|
|
4904
|
An attempt was made to register a security event source
Audit Success
|
|
4905
|
An attempt was made to unregister a security event source
Audit Success
|
|
4985
|
The state of a transaction has changed
Audit Success
|