Forum
Ultimate Windows Security Forum
Forums
Topics
Replies
Last Post
Security Log
Get your questions answered about the Windows Security Log
3,011
784
9/14/2017 4:13:56 PM
In: RE: Question on 4674 events
By wdewey
Windows Security Settings
Got a question about a specific Windows security setting? Ask it here.
52
65
5/19/2017 7:51:57 AM
In: security settings stops...
By bjvista
Sysmon
Questions on Sysmon events
0
0
Resend Validation Email
|
Mark All as Read
|
Delete Forum Cookies
Forum Key
Moderated forum (New Posts)
Normal Forum (New Posts)
Moderated forum
Normal Forum
Redirect forum
Closed forum (No new posts allowed)
Forum Jump...
----------------
Forum Home
Search
Members List
Calendar
Who's Online
----------------
Ultimate Windows Security Forum
|-- Security Log
|---- 512 - Windows NT is starting up
|---- 513 - Windows is shutting down
|---- 514 - An authentication package has been...
|---- 515 - A trusted logon process has registered...
|---- 516 - Internal resources allocated for the...
|---- 517 - The audit log was cleared
|---- 518 - A notification package has been loaded...
|---- 519 - A process is using an invalid local...
|---- 520 - The system time was changed
|---- 521 - Unable to log events to security log
|---- 528 - Successful Logon
|---- 529 - Logon Failure - Unknown user name or...
|---- 530 - Logon Failure - Account logon time...
|---- 531 - Logon Failure - Account currently...
|---- 532 - Logon Failure - The specified user...
|---- 533 - Logon Failure - User not allowed to...
|---- 534 - Logon Failure - The user has not been...
|---- 535 - Logon Failure - The specified account's...
|---- 536 - Logon Failure - The NetLogon component...
|---- 537 - Logon failure - The logon attempt...
|---- 538 - User Logoff
|---- 539 - Logon Failure - Account locked out
|---- 540 - Successful Network Logon
|---- 551 - User initiated logoff
|---- 552 - Logon attempt using explicit...
|---- 560 - Object Open
|---- 561 - Handle Allocated
|---- 562 - Handle Closed
|---- 563 - Object Open for Delete
|---- 564 - Object Deleted
|---- 565 - Object Open (Active Directory)
|---- 566 - Object Operation (W3 Active Directory)
|---- 567 - Object Access Attempt
|---- 576 - Special privileges assigned to new...
|---- 577 - Privileged Service Called
|---- 578 - Privileged object operation
|---- 592 - A new process has been created
|---- 593 - A process has exited
|---- 594 - A handle to an object has been...
|---- 595 - Indirect access to an object has been...
|---- 596 - Backup of data protection master key
|---- 600 - A process was assigned a primary token
|---- 601 - Attempt to install service
|---- 602 - Scheduled Task created
|---- 608 - User Right Assigned
|---- 609 - User Right Removed
|---- 610 - New Trusted Domain
|---- 611 - Removing Trusted Domain
|---- 612 - Audit Policy Change
|---- 613 - IPSec policy agent started
|---- 614 - IPSec policy agent disabled
|---- 615 - IPSEC PolicyAgent Service
|---- 616 - IPSec policy agent encountered a...
|---- 617 - Kerberos Policy Changed
|---- 618 - Encrypted Data Recovery Policy Changed
|---- 619 - Quality of Service Policy Changed
|---- 620 - Trusted Domain Information Modified
|---- 621 - System Security Access Granted
|---- 622 - System Security Access Removed
|---- 623 - Per User Audit Policy was refreshed
|---- 624 - User Account Created
|---- 625 - User Account Type Changed
|---- 626 - User Account Enabled
|---- 627 - Change Password Attempt
|---- 628 - User Account password set
|---- 629 - User Account Disabled
|---- 630 - User Account Deleted
|---- 631 - Security Enabled Global Group Created
|---- 632 - Security Enabled Global Group Member...
|---- 633 - Security Enabled Global Group Member...
|---- 634 - Security Enabled Global Group Deleted
|---- 635 - Security Enabled Local Group Created
|---- 636 - Security Enabled Local Group Member...
|---- 637 - Security Enabled Local Group Member...
|---- 638 - Security Enabled Local Group Deleted
|---- 639 - Security Enabled Local Group Changed
|---- 640 - General Account Database Change
|---- 641 - Security Enabled Global Group Changed
|---- 642 - User Account Changed
|---- 643 - Domain Policy Changed
|---- 644 - User Account Locked Out
|---- 645 - Computer Account Created
|---- 646 - Computer Account Changed
|---- 647 - Computer Account Deleted
|---- 648 - Security Disabled Local Group Created
|---- 649 - Security Disabled Local Group Changed
|---- 650 - Security Disabled Local Group Member...
|---- 651 - Security Disabled Local Group Member...
|---- 652 - Security Disabled Local Group Deleted
|---- 653 - Security Disabled Global Group Created
|---- 654 - Security Disabled Global Group Changed
|---- 655 - Security Disabled Global Group Member...
|---- 656 - Security Disabled Global Group Member...
|---- 657 - Security Disabled Global Group Deleted
|---- 658 - Security Enabled Universal Group...
|---- 659 - Security Enabled Universal Group...
|---- 660 - Security Enabled Universal Group Member...
|---- 661 - Security Enabled Universal Group Member...
|---- 662 - Security Enabled Universal Group...
|---- 663 - Security Disabled Universal Group...
|---- 664 - Security Disabled Universal Group...
|---- 665 - Security Disabled Universal Group...
|---- 666 - Security Disabled Universal Group...
|---- 667 - Security Disabled Universal Group...
|---- 668 - Group Type Changed
|---- 669 - Add SID History
|---- 670 - Add SID History
|---- 671 - User Account Unlocked
|---- 672 - Authentication Ticket Granted
|---- 673 - Service Ticket Granted
|---- 674 - Ticket Granted Renewed
|---- 675 - Pre-authentication failed
|---- 676 - Authentication Ticket Request Failed
|---- 677 - Service Ticket Request Failed
|---- 678 - Account Mapped for Logon by
|---- 679 - The name: %2 could not be mapped for...
|---- 680 - Account Used for Logon by
|---- 681 - The logon to account: %2 by: %1 from...
|---- 682 - Session reconnected to winstation
|---- 683 - Session disconnected from winstation
|---- 684 - Set ACLs of members in administrators...
|---- 685 - Account Name Changed
|---- 686 - Password of the following user accessed...
|---- 687 - Basic Application Group Created
|---- 688 - Basic Application Group Changed
|---- 689 - Basic Application Group Member Added
|---- 690 - Basic Application Group Member Removed
|---- 691 - Basic Application Group Non-Member...
|---- 692 - Basic Application Group Non-Member...
|---- 693 - Basic Application Group Deleted
|---- 694 - LDAP Query Group Created
|---- 695 - LDAP Query Group Changed
|---- 696 - LDAP Query Group Deleted
|---- 697 - Password Policy Checking API is called...
|---- 806 - Per User Audit Policy was refreshed
|---- 807 - Per user auditing policy set for user
|---- 808 - A security event source has attempted...
|---- 809 - A security event source has attempted...
|---- 848 - The following policy was active when...
|---- 849 - An application was listed as an...
|---- 850 - A port was listed as an exception when...
|---- 851 - A change has been made to the Windows...
|---- 852 - A change has been made to the Windows...
|---- 853 - The Windows Firewall operational mode...
|---- 854 - The Windows Firewall logging settings...
|---- 855 - A Windows Firewall ICMP setting has...
|---- 856 - The Windows Firewall setting to allow...
|---- 857 - The Windows Firewall setting to allow...
|---- 858 - Windows Firewall group policy settings...
|---- 859 - The Windows Firewall group policy...
|---- 860 - The Windows Firewall has switched the...
|---- 861 - The Windows Firewall has detected an...
|---- 1100 - The event logging service has shut...
|---- 1101 - Audit events have been dropped by the...
|---- 1102 - The audit log was cleared
|---- 1104 - The security Log is now full
|---- 1105 - Event log automatic backup
|---- 1108 - The event logging service encountered...
|---- 4500 - Metabase Add Key
|---- 4501 - Metabase Delete Key
|---- 4502 - Metabase Delete Chid Keys
|---- 4503 - Metabase Copy Key
|---- 4504 - Metabase Rename Key
|---- 4505 - Metabase Set Data
|---- 4506 - Metabase Delete Data
|---- 4507 - Metabase Delete All Data
|---- 4508 - Metabase Copy Data
|---- 4509 - Metabase Set Last Change Time
|---- 4510 - Metabase Restore
|---- 4511 - Metabase Delete Backup
|---- 4512 - Metabase Import
|---- 4608 - Windows is starting up
|---- 4609 - Windows is shutting down
|---- 4610 - An authentication package has been...
|---- 4611 - A trusted logon process has been...
|---- 4612 - Internal resources allocated for the...
|---- 4614 - A notification package has been loaded...
|---- 4615 - Invalid use of LPC port
|---- 4616 - The system time was changed.
|---- 4618 - A monitored security event pattern has...
|---- 4621 - Administrator recovered system from...
|---- 4622 - A security package has been loaded by...
|---- 4624 - An account was successfully logged on
|---- 4625 - An account failed to log on
|---- 4626 - User/Device claims information
|---- 4634 - An account was logged off
|---- 4646 - IKE DoS-prevention mode started
|---- 4647 - User initiated logoff
|---- 4648 - A logon was attempted using explicit...
|---- 4649 - A replay attack was detected
|---- 4650 - An IPsec Main Mode security...
|---- 4651 - An IPsec Main Mode security...
|---- 4652 - An IPsec Main Mode negotiation failed
|---- 4653 - An IPsec Main Mode negotiation failed
|---- 4654 - An IPsec Quick Mode negotiation failed...
|---- 4655 - An IPsec Main Mode security...
|---- 4656 - A handle to an object was requested
|---- 4657 - A registry value was modified
|---- 4658 - The handle to an object was closed
|---- 4659 - A handle to an object was requested...
|---- 4660 - An object was deleted
|---- 4661 - A handle to an object was requested
|---- 4662 - An operation was performed on an...
|---- 4663 - An attempt was made to access an...
|---- 4664 - An attempt was made to create a hard...
|---- 4665 - An attempt was made to create an...
|---- 4666 - An application attempted an operation
|---- 4667 - An application client context was...
|---- 4668 - An application was initialized
|---- 4670 - Permissions on an object were changed
|---- 4671 - An application attempted to access a...
|---- 4672 - Special privileges assigned to new...
|---- 4673 - A privileged service was called
|---- 4674 - An operation was attempted on a...
|---- 4675 - SIDs were filtered
|---- 4685 - The state of a transaction has changed...
|---- 4688 - A new process has been created
|---- 4689 - A process has exited
|---- 4690 - An attempt was made to duplicate a...
|---- 4691 - Indirect access to an object was...
|---- 4692 - Backup of data protection master key...
|---- 4693 - Recovery of data protection master key...
|---- 4694 - Protection of auditable protected data...
|---- 4695 - Unprotection of auditable protected...
|---- 4696 - A primary token was assigned to...
|---- 4697 - A service was installed in the system
|---- 4698 - A scheduled task was created
|---- 4699 - A scheduled task was deleted
|---- 4700 - A scheduled task was enabled
|---- 4701 - A scheduled task was disabled
|---- 4702 - A scheduled task was updated
|---- 4704 - A user right was assigned
|---- 4705 - A user right was removed
|---- 4706 - A new trust was created to a domain
|---- 4707 - A trust to a domain was removed
|---- 4709 - IPsec Services was started
|---- 4710 - IPsec Services was disabled
|---- 4711 - PAStore Engine (1%)
|---- 4712 - IPsec Services encountered a...
|---- 4713 - Kerberos policy was changed
|---- 4714 - Encrypted data recovery policy was...
|---- 4715 - The audit policy (SACL) on an object...
|---- 4716 - Trusted domain information was...
|---- 4717 - System security access was granted to...
|---- 4718 - System security access was removed...
|---- 4719 - System audit policy was changed
|---- 4720 - A user account was created
|---- 4722 - A user account was enabled
|---- 4723 - An attempt was made to change an...
|---- 4724 - An attempt was made to reset an...
|---- 4725 - A user account was disabled
|---- 4726 - A user account was deleted
|---- 4727 - A security-enabled global group was...
|---- 4728 - A member was added to a...
|---- 4729 - A member was removed from a...
|---- 4730 - A security-enabled global group was...
|---- 4731 - A security-enabled local group was...
|---- 4732 - A member was added to a...
|---- 4733 - A member was removed from a...
|---- 4734 - A security-enabled local group was...
|---- 4735 - A security-enabled local group was...
|---- 4737 - A security-enabled global group was...
|---- 4738 - A user account was changed
|---- 4739 - Domain Policy was changed
|---- 4740 - A user account was locked out
|---- 4741 - A computer account was created
|---- 4742 - A computer account was changed
|---- 4743 - A computer account was deleted
|---- 4744 - A security-disabled local group was...
|---- 4745 - A security-disabled local group was...
|---- 4746 - A member was added to a...
|---- 4747 - A member was removed from a...
|---- 4748 - A security-disabled local group was...
|---- 4749 - A security-disabled global group was...
|---- 4750 - A security-disabled global group was...
|---- 4751 - A member was added to a...
|---- 4752 - A member was removed from a...
|---- 4753 - A security-disabled global group was...
|---- 4754 - A security-enabled universal group was...
|---- 4755 - A security-enabled universal group was...
|---- 4756 - A member was added to a...
|---- 4757 - A member was removed from a...
|---- 4758 - A security-enabled universal group was...
|---- 4759 - A security-disabled universal group...
|---- 4760 - A security-disabled universal group...
|---- 4761 - A member was added to a...
|---- 4762 - A member was removed from a...
|---- 4763 - A security-disabled universal group...
|---- 4764 - A groups type was changed
|---- 4765 - SID History was added to an account
|---- 4766 - An attempt to add SID History to an...
|---- 4767 - A user account was unlocked
|---- 4768 - A Kerberos authentication ticket (TGT)...
|---- 4769 - A Kerberos service ticket was...
|---- 4770 - A Kerberos service ticket was renewed
|---- 4771 - Kerberos pre-authentication failed
|---- 4772 - A Kerberos authentication ticket...
|---- 4773 - A Kerberos service ticket request...
|---- 4774 - An account was mapped for logon
|---- 4775 - An account could not be mapped for...
|---- 4776 - The domain controller attempted to...
|---- 4777 - The domain controller failed to...
|---- 4778 - A session was reconnected to a Window...
|---- 4779 - A session was disconnected from a...
|---- 4780 - The ACL was set on accounts which are...
|---- 4781 - The name of an account was changed
|---- 4782 - The password hash an account was...
|---- 4783 - A basic application group was created
|---- 4784 - A basic application group was changed
|---- 4785 - A member was added to a basic...
|---- 4786 - A member was removed from a basic...
|---- 4787 - A non-member was added to a basic...
|---- 4788 - A non-member was removed from a basic...
|---- 4789 - A basic application group was deleted
|---- 4790 - An LDAP query group was created
|---- 4791 - A basic application group was changed
|---- 4792 - An LDAP query group was deleted
|---- 4793 - The Password Policy Checking API was...
|---- 4794 - An attempt was made to set the...
|---- 4797 - An attempt was made to query the...
|---- 4800 - The workstation was locked
|---- 4801 - The workstation was unlocked
|---- 4802 - The screen saver was invoked
|---- 4803 - The screen saver was dismissed
|---- 4816 - RPC detected an integrity violation...
|---- 4817 - Auditing settings on object were...
|---- 4818 - Proposed Central Access Policy does...
|---- 4819 - Central Access Policies on the machine...
|---- 4820 - A Kerberos Ticket-granting-ticket...
|---- 4821 - A Kerberos service ticket was denied...
|---- 4822 - NTLM authentication failed because the...
|---- 4823 - NTLM authentication failed because...
|---- 4824 - Kerberos preauthentication by using...
|---- 4864 - A namespace collision was detected
|---- 4865 - A trusted forest information entry was...
|---- 4866 - A trusted forest information entry was...
|---- 4867 - A trusted forest information entry was...
|---- 4868 - The certificate manager denied a...
|---- 4869 - Certificate Services received a...
|---- 4870 - Certificate Services revoked a...
|---- 4871 - Certificate Services received a...
|---- 4872 - Certificate Services published the...
|---- 4873 - A certificate request extension...
|---- 4874 - One or more certificate request...
|---- 4875 - Certificate Services received a...
|---- 4876 - Certificate Services backup started
|---- 4877 - Certificate Services backup completed
|---- 4878 - Certificate Services restore started
|---- 4879 - Certificate Services restore completed...
|---- 4880 - Certificate Services started
|---- 4881 - Certificate Services stopped
|---- 4882 - The security permissions for...
|---- 4883 - Certificate Services retrieved an...
|---- 4884 - Certificate Services imported a...
|---- 4885 - The audit filter for Certificate...
|---- 4886 - Certificate Services received a...
|---- 4887 - Certificate Services approved a...
|---- 4888 - Certificate Services denied a...
|---- 4889 - Certificate Services set the status of...
|---- 4890 - The certificate manager settings for...
|---- 4891 - A configuration entry changed in...
|---- 4892 - A property of Certificate Services...
|---- 4893 - Certificate Services archived a key
|---- 4894 - Certificate Services imported and...
|---- 4895 - Certificate Services published the CA...
|---- 4896 - One or more rows have been deleted...
|---- 4897 - Role separation enabled
|---- 4898 - Certificate Services loaded a template...
|---- 4899 - A Certificate Services template was...
|---- 4900 - Certificate Services template security...
|---- 4902 - The Per-user audit policy table was...
|---- 4904 - An attempt was made to register a...
|---- 4905 - An attempt was made to unregister a...
|---- 4906 - The CrashOnAuditFail value has changed...
|---- 4907 - Auditing settings on object were...
|---- 4908 - Special Groups Logon table modified
|---- 4909 - The local policy settings for the TBS...
|---- 4910 - The group policy settings for the TBS...
|---- 4911 - Resource attributes of the object were...
|---- 4912 - Per User Audit Policy was changed
|---- 4913 - Central Access Policy on the object...
|---- 4928 - An Active Directory replica source...
|---- 4929 - An Active Directory replica source...
|---- 4930 - An Active Directory replica source...
|---- 4931 - An Active Directory replica...
|---- 4932 - Synchronization of a replica of an...
|---- 4933 - Synchronization of a replica of an...
|---- 4934 - Attributes of an Active Directory...
|---- 4935 - Replication failure begins
|---- 4936 - Replication failure ends
|---- 4937 - A lingering object was removed from a...
|---- 4944 - The following policy was active when...
|---- 4945 - A rule was listed when the Windows...
|---- 4946 - A change has been made to Windows...
|---- 4947 - A change has been made to Windows...
|---- 4948 - A change has been made to Windows...
|---- 4949 - Windows Firewall settings were...
|---- 4950 - A Windows Firewall setting has changed...
|---- 4951 - A rule has been ignored because its...
|---- 4952 - Parts of a rule have been ignored...
|---- 4953 - A rule has been ignored by Windows...
|---- 4954 - Windows Firewall Group Policy settings...
|---- 4956 - Windows Firewall has changed the...
|---- 4957 - Windows Firewall did not apply the...
|---- 4958 - Windows Firewall did not apply the...
|---- 4960 - IPsec dropped an inbound packet that...
|---- 4961 - IPsec dropped an inbound packet that...
|---- 4962 - IPsec dropped an inbound packet that...
|---- 4963 - IPsec dropped an inbound clear text...
|---- 4964 - Special groups have been assigned to a...
|---- 4965 - IPsec received a packet from a remote...
|---- 4976 - During Main Mode negotiation, IPsec...
|---- 4977 - During Quick Mode negotiation, IPsec...
|---- 4978 - During Extended Mode negotiation,...
|---- 4979 - IPsec Main Mode and Extended Mode...
|---- 4980 - IPsec Main Mode and Extended Mode...
|---- 4981 - IPsec Main Mode and Extended Mode...
|---- 4982 - IPsec Main Mode and Extended Mode...
|---- 4983 - An IPsec Extended Mode negotiation...
|---- 4984 - An IPsec Extended Mode negotiation...
|---- 4985 - The state of a transaction has changed...
|---- 5024 - The Windows Firewall Service has...
|---- 5025 - The Windows Firewall Service has been...
|---- 5027 - The Windows Firewall Service was...
|---- 5028 - The Windows Firewall Service was...
|---- 5029 - The Windows Firewall Service failed to...
|---- 5030 - The Windows Firewall Service failed to...
|---- 5031 - The Windows Firewall Service blocked...
|---- 5032 - Windows Firewall was unable to notify...
|---- 5033 - The Windows Firewall Driver has...
|---- 5034 - The Windows Firewall Driver has been...
|---- 5035 - The Windows Firewall Driver failed to...
|---- 5037 - The Windows Firewall Driver detected...
|---- 5038 - Code integrity determined that the...
|---- 5039 - A registry key was virtualized.
|---- 5040 - A change has been made to IPsec...
|---- 5041 - A change has been made to IPsec...
|---- 5042 - A change has been made to IPsec...
|---- 5043 - A change has been made to IPsec...
|---- 5044 - A change has been made to IPsec...
|---- 5045 - A change has been made to IPsec...
|---- 5046 - A change has been made to IPsec...
|---- 5047 - A change has been made to IPsec...
|---- 5048 - A change has been made to IPsec...
|---- 5049 - An IPsec Security Association was...
|---- 5050 - An attempt to programmatically disable...
|---- 5051 - A file was virtualized
|---- 5056 - A cryptographic self test was...
|---- 5057 - A cryptographic primitive operation...
|---- 5058 - Key file operation
|---- 5059 - Key migration operation
|---- 5060 - Verification operation failed
|---- 5061 - Cryptographic operation
|---- 5062 - A kernel-mode cryptographic self test...
|---- 5063 - A cryptographic provider operation was...
|---- 5064 - A cryptographic context operation was...
|---- 5065 - A cryptographic context modification...
|---- 5066 - A cryptographic function operation was...
|---- 5067 - A cryptographic function modification...
|---- 5068 - A cryptographic function provider...
|---- 5069 - A cryptographic function property...
|---- 5070 - A cryptographic function property...
|---- 5071 - Key access denied by Microsoft key...
|---- 5120 - OCSP Responder Service Started
|---- 5121 - OCSP Responder Service Stopped
|---- 5122 - A Configuration entry changed in the...
|---- 5123 - A configuration entry changed in the...
|---- 5124 - A security setting was updated on OCSP...
|---- 5125 - A request was submitted to OCSP...
|---- 5126 - Signing Certificate was automatically...
|---- 5127 - The OCSP Revocation Provider...
|---- 5136 - A directory service object was...
|---- 5137 - A directory service object was created...
|---- 5138 - A directory service object was...
|---- 5139 - A directory service object was moved
|---- 5140 - A network share object was accessed
|---- 5141 - A directory service object was deleted...
|---- 5142 - A network share object was added
|---- 5143 - A network share object was modified
|---- 5144 - A network share object was deleted
|---- 5145 - A network share object was checked to...
|---- 5146 - The Windows Filtering Platform has...
|---- 5147 - A more restrictive Windows Filtering...
|---- 5148 - The Windows Filtering Platform has...
|---- 5149 - The DoS attack has subsided and normal...
|---- 5150 - The Windows Filtering Platform has...
|---- 5151 - A more restrictive Windows Filtering...
|---- 5152 - The Windows Filtering Platform blocked...
|---- 5153 - A more restrictive Windows Filtering...
|---- 5154 - The Windows Filtering Platform has...
|---- 5155 - The Windows Filtering Platform has...
|---- 5156 - The Windows Filtering Platform has...
|---- 5157 - The Windows Filtering Platform has...
|---- 5158 - The Windows Filtering Platform has...
|---- 5159 - The Windows Filtering Platform has...
|---- 5168 - Spn check for SMB/SMB2 fails
|---- 5376 - Credential Manager credentials were...
|---- 5377 - Credential Manager credentials were...
|---- 5378 - The requested credentials delegation...
|---- 5440 - The following callout was present when...
|---- 5441 - The following filter was present when...
|---- 5442 - The following provider was present...
|---- 5443 - The following provider context was...
|---- 5444 - The following sub-layer was present...
|---- 5446 - A Windows Filtering Platform callout...
|---- 5447 - A Windows Filtering Platform filter...
|---- 5448 - A Windows Filtering Platform provider...
|---- 5449 - A Windows Filtering Platform provider...
|---- 5450 - A Windows Filtering Platform sub-layer...
|---- 5451 - An IPsec Quick Mode security...
|---- 5452 - An IPsec Quick Mode security...
|---- 5453 - An IPsec negotiation with a remote...
|---- 5456 - PAStore Engine applied Active...
|---- 5457 - PAStore Engine failed to apply Active...
|---- 5458 - PAStore Engine applied locally cached...
|---- 5459 - PAStore Engine failed to apply locally...
|---- 5460 - PAStore Engine applied local registry...
|---- 5461 - PAStore Engine failed to apply local...
|---- 5462 - PAStore Engine failed to apply some...
|---- 5463 - PAStore Engine polled for changes to...
|---- 5464 - PAStore Engine polled for changes to...
|---- 5465 - PAStore Engine received a control for...
|---- 5466 - PAStore Engine polled for changes to...
|---- 5467 - PAStore Engine polled for changes to...
|---- 5468 - PAStore Engine polled for changes to...
|---- 5471 - PAStore Engine loaded local storage...
|---- 5472 - PAStore Engine failed to load local...
|---- 5473 - PAStore Engine loaded directory...
|---- 5474 - PAStore Engine failed to load...
|---- 5477 - PAStore Engine failed to add quick...
|---- 5478 - IPsec Services has started...
|---- 5479 - IPsec Services has been shut down...
|---- 5480 - IPsec Services failed to get the...
|---- 5483 - IPsec Services failed to initialize...
|---- 5484 - IPsec Services has experienced a...
|---- 5485 - IPsec Services failed to process some...
|---- 5632 - A request was made to authenticate to...
|---- 5633 - A request was made to authenticate to...
|---- 5712 - A Remote Procedure Call (RPC) was...
|---- 5888 - An object in the COM+ Catalog was...
|---- 5889 - An object was deleted from the COM+...
|---- 5890 - An object was added to the COM+...
|---- 6144 - Security policy in the group policy...
|---- 6145 - One or more errors occured while...
|---- 6272 - Network Policy Server granted access...
|---- 6273 - Network Policy Server denied access to...
|---- 6274 - Network Policy Server discarded the...
|---- 6275 - Network Policy Server discarded the...
|---- 6276 - Network Policy Server quarantined a...
|---- 6277 - Network Policy Server granted access...
|---- 6278 - Network Policy Server granted full...
|---- 6279 - Network Policy Server locked the user...
|---- 6280 - Network Policy Server unlocked the...
|---- 6281 - Code Integrity determined that the...
|---- 6400 - BranchCache: Received an incorrectly...
|---- 6401 - BranchCache: Received invalid data...
|---- 6402 - BranchCache: The message to the hosted...
|---- 6403 - BranchCache: The hosted cache sent an...
|---- 6404 - BranchCache: Hosted cache could not be...
|---- 6405 - BranchCache: %2 instance(s) of event...
|---- 6406 - %1 registered to Windows Firewall to...
|---- 6407 - %1
|---- 6408 - Registered product %1 failed and...
|---- 6409 - BranchCache: A service connection...
|-- Windows Security Settings
|-- Sysmon
All times are GMT -5:00, Time now is 2:52am
Upcoming Webinars
How Hybrid Clouds Connect to Your Network; Understanding and Mitigating the Risks of VPN-to-Cloud and Cloud Application Gateways
Linux Security: Top Files and Directories to Monitor in Linux to Catch Attackers
3 Modern Active Directory Attack Scenarios and How to Detect Them
Monitoring Privileged Accounts with the Windows Security Log to Catch Lateral Movement by Mimikatz and other Credential Harvesting
Additional Resources
Security Log Quick Reference Chart
Home
>
Forum
User name:
Password:
/
Forgot?
Register
Home
