| ID |
Event Description |
|
4624
|
An account was successfully logged on
CJIS, Audit Success, ISO 27001:2013, HIPAA, NIST SP 800-53, CMMC L1, NIST 800-171, PCI-DSS
|
|
4688
|
A new process has been created
NIST 800-171, NIST SP 800-53, Audit Success, ISO 27001:2013, CMMC L3
|
|
4689
|
A process has exited
Audit Success
|
|
4690
|
An attempt was made to duplicate a handle to an object
Audit Success
|
|
4691
|
Indirect access to an object was requested
Audit Success
|
|
4697
|
A service was installed in the system
Audit Success
|
|
4698
|
A scheduled task was created
Audit Success, PCI-DSS
|
|
4699
|
A scheduled task was deleted
Audit Success, PCI-DSS
|
|
4700
|
A scheduled task was enabled
Audit Success
|
|
4701
|
A scheduled task was disabled
Audit Success
|
|
4702
|
A scheduled task was updated
Audit Success, PCI-DSS
|
|
4703
|
A token right was adjusted
Audit Success
|
|
4704
|
A user right was assigned
ISO 27001:2013, NIST 800-171, NIST SP 800-53, Audit Success, CMMC L1, CMMC L3
|
|
4705
|
A user right was removed
ISO 27001:2013, NIST 800-171, NIST SP 800-53, Audit Success, CMMC L1, CMMC L3
|
|
4719
|
System audit policy was changed
Audit Success
|
|
4720
|
A user account was created
ISO 27001:2013, NIST SP 800-53, Audit Success, PCI-DSS, NIST 800-171, CMMC L1
|
|
4722
|
A user account was enabled
ISO 27001:2013, NIST SP 800-53, NIST 800-171, Audit Success, PCI-DSS, CMMC L1
|
|
4723
|
An attempt was made to change an account's password
Audit Success, Audit Failure, CJIS
|
|
4724
|
An attempt was made to reset an account's password
Audit Failure, Audit Success, CJIS, ISO 27001:2013
|
|
4725
|
A user account was disabled
ISO 27001:2013, NIST 800-171, NIST SP 800-53, Audit Success, PCI-DSS, CMMC L1
|
|
4726
|
A user account was deleted
ISO 27001:2013, NIST 800-171, NIST SP 800-53, Audit Success, PCI-DSS, CMMC L1
|
|
4727
|
A security-enabled global group was created
Domain Controller
|
|
4728
|
A member was added to a security-enabled global group
Domain Controller, ISO 27001:2013, NIST 800-171, NIST SP 800-53, CMMC L1
|
|
4729
|
A member was removed from a security-enabled global group
Domain Controller
|
|
4730
|
A security-enabled global group was deleted
Domain Controller
|
|
4731
|
A security-enabled local group was created
Audit Success
|
|
4732
|
A member was added to a security-enabled local group
ISO 27001:2013, NIST 800-171, NIST SP 800-53, Audit Success, CMMC L1
|
|
4733
|
A member was removed from a security-enabled local group
Audit Success
|
|
4734
|
A security-enabled local group was deleted
Audit Success
|
|
4735
|
A security-enabled local group was changed
Audit Success
|
|
4737
|
A security-enabled global group was changed
Domain Controller
|
|
4738
|
A user account was changed
ISO 27001:2013, NIST 800-171, NIST SP 800-53, Audit Success, CMMC L1
|
|
4740
|
A user account was locked out
ISO 27001:2013, NIST 800-171, NIST SP 800-53, Audit Success, CMMC L3
|
|
4741
|
A computer account was created
Domain Controller, Audit Success
|
|
4742
|
A computer account was changed
Domain Controller, Audit Success
|
|
4743
|
A computer account was deleted
Domain Controller, Audit Success
|
|
4744
|
A security-disabled local group was created
|
|
4745
|
A security-disabled local group was changed
|
|
4746
|
A member was added to a security-disabled local group
|
|
4747
|
A member was removed from a security-disabled local group
|
|
4748
|
A security-disabled local group was deleted
|
|
4749
|
A security-disabled global group was created
Domain Controller, Audit Success
|
|
4750
|
A security-disabled global group was changed
Domain Controller, Audit Success
|
|
4751
|
A member was added to a security-disabled global group
Domain Controller, Audit Success
|
|
4752
|
A member was removed from a security-disabled global group
Domain Controller, Audit Success
|
|
4753
|
A security-disabled global group was deleted
Domain Controller, Audit Success
|
|
4754
|
A security-enabled universal group was created
Domain Controller
|
|
4755
|
A security-enabled universal group was changed
Domain Controller
|
|
4756
|
A member was added to a security-enabled universal group
Domain Controller, ISO 27001:2013
|
|
4757
|
A member was removed from a security-enabled universal group
Domain Controller
|
|
4758
|
A security-enabled universal group was deleted
Domain Controller
|
|
4759
|
A security-disabled universal group was created
Domain Controller
|
|
4760
|
A security-disabled universal group was changed
Domain Controller
|
|
4761
|
A member was added to a security-disabled universal group
Domain Controller
|
|
4762
|
A member was removed from a security-disabled universal group
Domain Controller
|
|
4763
|
A security-disabled universal group was deleted
Domain Controller
|
|
4764
|
A group’s type was changed
Domain Controller, Audit Success
|
|
4771
|
Kerberos pre-authentication failed
Domain Controller, Audit Failure, CJIS, ISO 27001:2013, PCI-DSS, HIPAA, NIST 800-171, NIST SP 800-53, CMMC-L2
|
|
5168
|
Spn check for SMB/SMB2 fails.
Audit Failure
|
|
5169
|
A directory service object was modified.
Domain Controller, Audit Success, Audit Failure
|
|
5376
|
Credential Manager credentials were backed up.
Audit Success
|
|
5377
|
Credential Manager credentials were restored from a backup.
Audit Success
|
|
5378
|
The requested credentials delegation was disallowed by policy.
Audit Failure
|
|
5440
|
The following callout was present when the Windows Filtering Platform Base Filtering Engine started.
|
|
5442
|
The following provider was present when the Windows Filtering Platform Base Filtering Engine started.
|
|
5444
|
The following sub-layer was present when the Windows Filtering Platform Base Filtering Engine started.
|
|
5446
|
A Windows Filtering Platform callout has been changed.
|
|
5447
|
A Windows Filtering Platform filter has been changed.
Audit Success
|
|
5448
|
A Windows Filtering Platform provider has been changed.
|
|
5449
|
A Windows Filtering Platform provider context has been changed.
|
|
5450
|
A Windows Filtering Platform sub-layer has been changed.
|
|
5451
|
An IPsec quick mode security association was established.
|
|
5452
|
An IPsec quick mode security association ended.
|
|
5453
|
An IPsec negotiation with a remote computer failed.
Audit Success
|
|
5456
|
IPsec Policy Agent applied Active Directory storage IPsec policy on the computer.
|
|
5457
|
IPsec Policy Agent failed to apply Active Directory storage IPsec policy on the computer.
|
|
5459
|
IPsec Policy Agent failed to apply locally cached copy of Active Directory storage IPsec policy on the computer.
|
|
5460
|
IPsec Policy Agent applied local registry storage IPsec policy on the computer.
|
|
5461
|
PAStore Engine failed to apply local registry storage IPsec policy on the computer
|
|
5462
|
PAStore Engine failed to apply some rules of the active IPsec policy on the computer
|
|
5463
|
PAStore Engine polled for changes to the active IPsec policy and detected no changes
|
|
5464
|
PAStore Engine polled for changes to the active IPsec policy, detected changes, and applied them to IPsec Services
|
|
5465
|
PAStore Engine received a control for forced reloading of IPsec policy and processed the control successfully
|
|
5632
|
A request was made to authenticate to a wireless network.
Audit Success, Audit Failure
|