Event Log Security - Windows Event Search

ID	Event Description
4616	The system time was changed Audit Success
4624	An account was successfully logged on CJIS, Audit Success, ISO 27001:2013, HIPAA, NIST SP 800-53, CMMC L1, NIST 800-171
4625	An account failed to log on Audit Failure, CJIS, ISO 27001:2013, PCI-DSS, HIPAA, NIST SP 800-53, NIST 800-171, CMMC L1
4648	A logon was attempted using explicit credentials Audit Success
4656	A handle to an object was requested Audit Failure, Audit Success, CJIS
4657	A registry value was modified Audit Success
4658	The handle to an object was closed Audit Success
4660	An object was deleted Audit Success
4661	A handle to an object was requested Domain Controller, Audit Success, Audit Failure
4663	An attempt was made to access an object Audit Success, CJIS
4670	Permissions on an object were changed Audit Success
4673	A privileged service was called Audit Success
4674	An operation was attempted on a privileged object Audit Failure, Audit Success
4689	A process has exited Audit Success
4703	A token right was adjusted Audit Success
4904	An attempt was made to register a security event source Audit Success
4905	An attempt was made to unregister a security event source Audit Success
4985	The state of a transaction has changed Audit Success