System32
Sysmon
Events
Compliance
Validator
TLS/SSL
GeoIP
Tools
Windows Security Events
Audit Category
System
(11)
Operating Systems
Windows 10
(11)
Windows 11
(11)
Windows 2008
(11)
Windows 2008 R2
(11)
Windows 2012
(11)
Windows 2012 R2
(11)
Windows 2016
(11)
Windows 2019
(11)
Windows 2022
(11)
Windows 7
(11)
Windows 8
(11)
Windows 8.1
(11)
Windows Vista
(11)
Tags
Audit Success
(1)
Auditing
Always
(5)
Conditional
(5)
Volume
Low
(10)
Audit Subcategory
IPsec Driver
(11)
AppLocker
All AppLocker events
EventSentry
All EventSentry events
Security
All Windows Security events
Sysmon
All Sysmon events
ID
Event Description
4960
IPsec dropped an inbound packet that failed an integrity check
4961
IPsec dropped an inbound packet that failed a replay check
4962
IPsec dropped an inbound packet that failed a replay check
4963
IPsec dropped an inbound clear text packet that should have been secured
4965
IPsec received a packet from a remote computer with an incorrect Security Parameter Index (SPI)
5478
The IPsec Policy Agent service was started.
Audit Success
5479
The IPsec Policy Agent service was stopped.
5480
IPsec Policy Agent failed to get the complete list of network interfaces on the computer.
5483
The IPsec Policy Agent service failed to initialize its RPC server.
5484
The IPsec Policy Agent service experienced a critical failure and has shut down.
5485
IPsec Policy Agent failed to process some IPsec filters on a plug-and-play event for network interfaces.