Windows Security Events

ID	Event Description
1100	The event logging service has shut down Audit Success, PCI-DSS
1101	Audit Events Have Been Dropped By The Transport CJIS, PCI-DSS, ISO 27001:2013
1102	The audit log was cleared CJIS, ISO 27001:2013, PCI-DSS
1104	The security event log is now full CJIS, PCI-DSS, ISO 27001:2013
4608	Windows is starting up Audit Success, PCI-DSS
4625	An account failed to log on Audit Failure, CJIS, ISO 27001:2013, PCI-DSS, HIPAA, NIST SP 800-53, NIST 800-171, CMMC L1
4649	A replay attack was detected Domain Controller, Audit Success, Audit Failure, PCI-DSS, HIPAA, CJIS, ISO 27001:2013
4698	A scheduled task was created Audit Success, PCI-DSS
4699	A scheduled task was deleted Audit Success, PCI-DSS
4702	A scheduled task was updated Audit Success, PCI-DSS
4720	A user account was created ISO 27001:2013, NIST SP 800-53, Audit Success, PCI-DSS, NIST 800-171, CMMC L1
4722	A user account was enabled ISO 27001:2013, NIST SP 800-53, NIST 800-171, Audit Success, PCI-DSS, CMMC L1
4725	A user account was disabled ISO 27001:2013, NIST 800-171, NIST SP 800-53, Audit Success, PCI-DSS, CMMC L1
4726	A user account was deleted ISO 27001:2013, NIST 800-171, NIST SP 800-53, Audit Success, PCI-DSS, CMMC L1
4768	This event generates every time Key Distribution Center issues a Kerberos Ticket Granting Ticket (TGT). Domain Controller, Audit Success, Audit Failure, CJIS, ISO 27001:2013, PCI-DSS, NIST 800-171, NIST SP 800-53
4771	Kerberos pre-authentication failed Domain Controller, Audit Failure, CJIS, ISO 27001:2013, PCI-DSS, HIPAA, NIST 800-171, NIST SP 800-53, CMMC L3
4776	The computer attempted to validate the credentials for an account Audit Failure, Audit Success, CJIS, ISO 27001:2013, PCI-DSS, HIPAA, NIST 800-171, NIST SP 800-53, CMMC L1