Event Log Security - Windows Event Search

ID	Event Description
4720	A user account was created ISO 27001:2013, NIST SP 800-53, Audit Success, PCI-DSS, NIST 800-171, CMMC L1
4722	A user account was enabled ISO 27001:2013, NIST SP 800-53, NIST 800-171, Audit Success, PCI-DSS, CMMC L1
4723	An attempt was made to change an account's password Audit Success, Audit Failure, CJIS
4724	An attempt was made to reset an account's password Audit Failure, Audit Success, CJIS, ISO 27001:2013
4725	A user account was disabled ISO 27001:2013, NIST 800-171, NIST SP 800-53, Audit Success, PCI-DSS, CMMC L1
4726	A user account was deleted ISO 27001:2013, NIST 800-171, NIST SP 800-53, Audit Success, PCI-DSS, CMMC L1
4738	A user account was changed ISO 27001:2013, NIST 800-171, NIST SP 800-53, Audit Success, CMMC L1
4740	A user account was locked out ISO 27001:2013, NIST 800-171, NIST SP 800-53, Audit Success, CMMC L3
4765	SID History was added to an account Domain Controller, Audit Success
4766	An attempt to add SID History to an account failed Domain Controller, Audit Failure
4767	A user account was unlocked ISO 27001:2013, Audit Success
4780	The ACL was set on accounts which are members of administrators groups Domain Controller, Audit Success
4781	The name of an account was changed Audit Success
4794	An attempt was made to set the Directory Services Restore Mode administrator password Domain Controller, Audit Success, Audit Failure
4797	An attempt was made to query the existence of a blank password for an account
4798	A user's local group membership was enumerated Audit Success
5376	Credential Manager credentials were backed up. Audit Success
5377	Credential Manager credentials were restored from a backup. Audit Success