| ID | Event Description |
|---|---|
| 1101 |
Audit Events Have Been Dropped By The Transport
CJIS, PCI-DSS, ISO 27001:2013
|
| 1102 |
The audit log was cleared
CJIS, ISO 27001:2013, PCI-DSS
|
| 1104 |
The security event log is now full
CJIS, PCI-DSS, ISO 27001:2013
|
| 4624 |
An account was successfully logged on
CJIS, Audit Success, ISO 27001:2013, HIPAA, NIST SP 800-53, CMMC L1, NIST 800-171
|
| 4625 |
An account failed to log on
Audit Failure, CJIS, ISO 27001:2013, PCI-DSS, HIPAA, NIST SP 800-53, NIST 800-171, CMMC L1
|
| 4649 |
A replay attack was detected
Domain Controller, Audit Success, Audit Failure, PCI-DSS, HIPAA, CJIS, ISO 27001:2013
|
| 4688 |
A new process has been created
NIST 800-171, NIST SP 800-53, Audit Success, ISO 27001:2013, CMMC L3
|
| 4704 |
A user right was assigned
ISO 27001:2013, NIST 800-171, NIST SP 800-53, Audit Success, CMMC L1, CMMC L3
|
| 4705 |
A user right was removed
ISO 27001:2013, NIST 800-171, NIST SP 800-53, Audit Success, CMMC L1, CMMC L3
|
| 4717 |
System security access was granted to an account
ISO 27001:2013, NIST 800-171, NIST SP 800-53, Audit Success, CMMC L3
|
| 4718 |
System security access was removed from an account
ISO 27001:2013, NIST 800-171, NIST SP 800-53, CMMC L3
|
| 4720 |
A user account was created
ISO 27001:2013, NIST SP 800-53, Audit Success, PCI-DSS, NIST 800-171, CMMC L1
|
| 4722 |
A user account was enabled
ISO 27001:2013, NIST SP 800-53, NIST 800-171, Audit Success, PCI-DSS, CMMC L1
|
| 4724 |
An attempt was made to reset an account's password
Audit Failure, Audit Success, CJIS, ISO 27001:2013
|
| 4725 |
A user account was disabled
ISO 27001:2013, NIST 800-171, NIST SP 800-53, Audit Success, PCI-DSS, CMMC L1
|
| 4726 |
A user account was deleted
ISO 27001:2013, NIST 800-171, NIST SP 800-53, Audit Success, PCI-DSS, CMMC L1
|
| 4728 |
A member was added to a security-enabled global group
Domain Controller, ISO 27001:2013, NIST 800-171, NIST SP 800-53, CMMC L1
|
| 4732 |
A member was added to a security-enabled local group
ISO 27001:2013, NIST 800-171, NIST SP 800-53, Audit Success, CMMC L1
|
| 4738 |
A user account was changed
ISO 27001:2013, NIST 800-171, NIST SP 800-53, Audit Success, CMMC L1
|
| 4739 |
Domain Policy was changed
Domain Controller, NIST 800-171, NIST SP 800-53, ISO 27001:2013, Audit Success, CMMC L3
|
| 4740 |
A user account was locked out
ISO 27001:2013, NIST 800-171, NIST SP 800-53, Audit Success, CMMC L3
|
| 4756 |
A member was added to a security-enabled universal group
Domain Controller, ISO 27001:2013
|
| 4767 |
A user account was unlocked
ISO 27001:2013, Audit Success
|
| 4768 |
This event generates every time Key Distribution Center issues a Kerberos Ticket Granting Ticket (TGT).
Domain Controller, Audit Success, Audit Failure, CJIS, ISO 27001:2013, PCI-DSS, NIST 800-171, NIST SP 800-53
|
| 4769 |
A Kerberos service ticket was requested
Domain Controller, Audit Success, Audit Failure, CJIS, ISO 27001:2013, HIPAA, NIST 800-171, NIST SP 800-53, CMMC L1
|
| 4771 |
Kerberos pre-authentication failed
Domain Controller, Audit Failure, CJIS, ISO 27001:2013, PCI-DSS, HIPAA, NIST 800-171, NIST SP 800-53, CMMC L3
|
| 4776 |
The computer attempted to validate the credentials for an account
Audit Failure, Audit Success, CJIS, ISO 27001:2013, PCI-DSS, HIPAA, NIST 800-171, NIST SP 800-53, CMMC L1
|
| 4800 |
The workstation was locked
Audit Success, ISO 27001:2013, NIST 800-171, NIST SP 800-53, CMMC L3
|
| 4801 |
The workstation was unlocked
ISO 27001:2013, Audit Success, NIST 800-171, NIST SP 800-53, CMMC L3
|
| 4802 |
The screen saver was invoked
ISO 27001:2013, Audit Success, NIST 800-171, NIST SP 800-53, CMMC L3
|
| 4803 |
The screen saver was dismissed
ISO 27001:2013, Audit Success, NIST 800-171, NIST SP 800-53, CMMC L3
|