| ID | Event Description |
|---|---|
| 1100 |
The event logging service has shut down
Audit Success, PCI-DSS
|
| 1101 |
Audit Events Have Been Dropped By The Transport
CJIS, PCI-DSS, ISO 27001:2013
|
| 1102 |
The audit log was cleared
CJIS, ISO 27001:2013, PCI-DSS
|
| 1104 |
The security event log is now full
CJIS, PCI-DSS, ISO 27001:2013
|
| 4608 |
Windows is starting up
Audit Success, PCI-DSS
|
| 4625 |
An account failed to log on
Audit Failure, CJIS, ISO 27001:2013, PCI-DSS, HIPAA, NIST SP 800-53, NIST 800-171, CMMC L1
|
| 4649 |
A replay attack was detected
Domain Controller, Audit Success, Audit Failure, PCI-DSS, HIPAA, CJIS, ISO 27001:2013
|
| 4698 |
A scheduled task was created
Audit Success, PCI-DSS
|
| 4699 |
A scheduled task was deleted
Audit Success, PCI-DSS
|
| 4702 |
A scheduled task was updated
Audit Success, PCI-DSS
|
| 4720 |
A user account was created
ISO 27001:2013, NIST SP 800-53, Audit Success, PCI-DSS, NIST 800-171, CMMC L1
|
| 4722 |
A user account was enabled
ISO 27001:2013, NIST SP 800-53, NIST 800-171, Audit Success, PCI-DSS, CMMC L1
|
| 4725 |
A user account was disabled
ISO 27001:2013, NIST 800-171, NIST SP 800-53, Audit Success, PCI-DSS, CMMC L1
|
| 4726 |
A user account was deleted
ISO 27001:2013, NIST 800-171, NIST SP 800-53, Audit Success, PCI-DSS, CMMC L1
|
| 4768 |
This event generates every time Key Distribution Center issues a Kerberos Ticket Granting Ticket (TGT).
Domain Controller, Audit Success, Audit Failure, CJIS, ISO 27001:2013, PCI-DSS, NIST 800-171, NIST SP 800-53
|
| 4771 |
Kerberos pre-authentication failed
Domain Controller, Audit Failure, CJIS, ISO 27001:2013, PCI-DSS, HIPAA, NIST 800-171, NIST SP 800-53, CMMC L3
|
| 4776 |
The computer attempted to validate the credentials for an account
Audit Failure, Audit Success, CJIS, ISO 27001:2013, PCI-DSS, HIPAA, NIST 800-171, NIST SP 800-53, CMMC L1
|