Forum
Ultimate Windows Security Forum
Forums
Topics
Replies
Last Post
Security Log
Get your questions answered about the Windows Security Log
3,064
851
5/16/2019 6:39:41 AM
In: How to find if the changed...
By raounotech
Windows Security Settings
Got a question about a specific Windows security setting? Ask it here.
53
66
12/8/2017 9:48:10 AM
In: RE: Ports requirement between...
By bjvista
Sysmon
Questions on Sysmon events
0
0
Resend Validation Email
|
Mark All as Read
|
Delete Forum Cookies
Forum Key
Moderated forum (New Posts)
Normal Forum (New Posts)
Moderated forum
Normal Forum
Redirect forum
Closed forum (No new posts allowed)
Forum Jump...
----------------
Forum Home
Search
Members List
Calendar
Who's Online
----------------
Ultimate Windows Security Forum
|-- Security Log
|---- 512 - Windows NT is starting up
|---- 513 - Windows is shutting down
|---- 514 - An authentication package has been...
|---- 515 - A trusted logon process has registered...
|---- 516 - Internal resources allocated for the...
|---- 517 - The audit log was cleared
|---- 518 - A notification package has been loaded...
|---- 519 - A process is using an invalid local...
|---- 520 - The system time was changed
|---- 521 - Unable to log events to security log
|---- 528 - Successful Logon
|---- 529 - Logon Failure - Unknown user name or...
|---- 530 - Logon Failure - Account logon time...
|---- 531 - Logon Failure - Account currently...
|---- 532 - Logon Failure - The specified user...
|---- 533 - Logon Failure - User not allowed to...
|---- 534 - Logon Failure - The user has not been...
|---- 535 - Logon Failure - The specified account's...
|---- 536 - Logon Failure - The NetLogon component...
|---- 537 - Logon failure - The logon attempt...
|---- 538 - User Logoff
|---- 539 - Logon Failure - Account locked out
|---- 540 - Successful Network Logon
|---- 551 - User initiated logoff
|---- 552 - Logon attempt using explicit...
|---- 560 - Object Open
|---- 561 - Handle Allocated
|---- 562 - Handle Closed
|---- 563 - Object Open for Delete
|---- 564 - Object Deleted
|---- 565 - Object Open (Active Directory)
|---- 566 - Object Operation (W3 Active Directory)
|---- 567 - Object Access Attempt
|---- 576 - Special privileges assigned to new...
|---- 577 - Privileged Service Called
|---- 578 - Privileged object operation
|---- 592 - A new process has been created
|---- 593 - A process has exited
|---- 594 - A handle to an object has been...
|---- 595 - Indirect access to an object has been...
|---- 596 - Backup of data protection master key
|---- 600 - A process was assigned a primary token
|---- 601 - Attempt to install service
|---- 602 - Scheduled Task created
|---- 608 - User Right Assigned
|---- 609 - User Right Removed
|---- 610 - New Trusted Domain
|---- 611 - Removing Trusted Domain
|---- 612 - Audit Policy Change
|---- 613 - IPSec policy agent started
|---- 614 - IPSec policy agent disabled
|---- 615 - IPSEC PolicyAgent Service
|---- 616 - IPSec policy agent encountered a...
|---- 617 - Kerberos Policy Changed
|---- 618 - Encrypted Data Recovery Policy Changed
|---- 619 - Quality of Service Policy Changed
|---- 620 - Trusted Domain Information Modified
|---- 621 - System Security Access Granted
|---- 622 - System Security Access Removed
|---- 623 - Per User Audit Policy was refreshed
|---- 624 - User Account Created
|---- 625 - User Account Type Changed
|---- 626 - User Account Enabled
|---- 627 - Change Password Attempt
|---- 628 - User Account password set
|---- 629 - User Account Disabled
|---- 630 - User Account Deleted
|---- 631 - Security Enabled Global Group Created
|---- 632 - Security Enabled Global Group Member...
|---- 633 - Security Enabled Global Group Member...
|---- 634 - Security Enabled Global Group Deleted
|---- 635 - Security Enabled Local Group Created
|---- 636 - Security Enabled Local Group Member...
|---- 637 - Security Enabled Local Group Member...
|---- 638 - Security Enabled Local Group Deleted
|---- 639 - Security Enabled Local Group Changed
|---- 640 - General Account Database Change
|---- 641 - Security Enabled Global Group Changed
|---- 642 - User Account Changed
|---- 643 - Domain Policy Changed
|---- 644 - User Account Locked Out
|---- 645 - Computer Account Created
|---- 646 - Computer Account Changed
|---- 647 - Computer Account Deleted
|---- 648 - Security Disabled Local Group Created
|---- 649 - Security Disabled Local Group Changed
|---- 650 - Security Disabled Local Group Member...
|---- 651 - Security Disabled Local Group Member...
|---- 652 - Security Disabled Local Group Deleted
|---- 653 - Security Disabled Global Group Created
|---- 654 - Security Disabled Global Group Changed
|---- 655 - Security Disabled Global Group Member...
|---- 656 - Security Disabled Global Group Member...
|---- 657 - Security Disabled Global Group Deleted
|---- 658 - Security Enabled Universal Group...
|---- 659 - Security Enabled Universal Group...
|---- 660 - Security Enabled Universal Group Member...
|---- 661 - Security Enabled Universal Group Member...
|---- 662 - Security Enabled Universal Group...
|---- 663 - Security Disabled Universal Group...
|---- 664 - Security Disabled Universal Group...
|---- 665 - Security Disabled Universal Group...
|---- 666 - Security Disabled Universal Group...
|---- 667 - Security Disabled Universal Group...
|---- 668 - Group Type Changed
|---- 669 - Add SID History
|---- 670 - Add SID History
|---- 671 - User Account Unlocked
|---- 672 - Authentication Ticket Granted
|---- 673 - Service Ticket Granted
|---- 674 - Ticket Granted Renewed
|---- 675 - Pre-authentication failed
|---- 676 - Authentication Ticket Request Failed
|---- 677 - Service Ticket Request Failed
|---- 678 - Account Mapped for Logon by
|---- 679 - The name: %2 could not be mapped for...
|---- 680 - Account Used for Logon by
|---- 681 - The logon to account: %2 by: %1 from...
|---- 682 - Session reconnected to winstation
|---- 683 - Session disconnected from winstation
|---- 684 - Set ACLs of members in administrators...
|---- 685 - Account Name Changed
|---- 686 - Password of the following user accessed...
|---- 687 - Basic Application Group Created
|---- 688 - Basic Application Group Changed
|---- 689 - Basic Application Group Member Added
|---- 690 - Basic Application Group Member Removed
|---- 691 - Basic Application Group Non-Member...
|---- 692 - Basic Application Group Non-Member...
|---- 693 - Basic Application Group Deleted
|---- 694 - LDAP Query Group Created
|---- 695 - LDAP Query Group Changed
|---- 696 - LDAP Query Group Deleted
|---- 697 - Password Policy Checking API is called...
|---- 806 - Per User Audit Policy was refreshed
|---- 807 - Per user auditing policy set for user
|---- 808 - A security event source has attempted...
|---- 809 - A security event source has attempted...
|---- 848 - The following policy was active when...
|---- 849 - An application was listed as an...
|---- 850 - A port was listed as an exception when...
|---- 851 - A change has been made to the Windows...
|---- 852 - A change has been made to the Windows...
|---- 853 - The Windows Firewall operational mode...
|---- 854 - The Windows Firewall logging settings...
|---- 855 - A Windows Firewall ICMP setting has...
|---- 856 - The Windows Firewall setting to allow...
|---- 857 - The Windows Firewall setting to allow...
|---- 858 - Windows Firewall group policy settings...
|---- 859 - The Windows Firewall group policy...
|---- 860 - The Windows Firewall has switched the...
|---- 861 - The Windows Firewall has detected an...
|---- 1100 - The event logging service has shut...
|---- 1101 - Audit events have been dropped by the...
|---- 1102 - The audit log was cleared
|---- 1104 - The security Log is now full
|---- 1105 - Event log automatic backup
|---- 1108 - The event logging service encountered...
|---- 4500 - Metabase Add Key
|---- 4501 - Metabase Delete Key
|---- 4502 - Metabase Delete Chid Keys
|---- 4503 - Metabase Copy Key
|---- 4504 - Metabase Rename Key
|---- 4505 - Metabase Set Data
|---- 4506 - Metabase Delete Data
|---- 4507 - Metabase Delete All Data
|---- 4508 - Metabase Copy Data
|---- 4509 - Metabase Set Last Change Time
|---- 4510 - Metabase Restore
|---- 4511 - Metabase Delete Backup
|---- 4512 - Metabase Import
|---- 4608 - Windows is starting up
|---- 4609 - Windows is shutting down
|---- 4610 - An authentication package has been...
|---- 4611 - A trusted logon process has been...
|---- 4612 - Internal resources allocated for the...
|---- 4614 - A notification package has been loaded...
|---- 4615 - Invalid use of LPC port
|---- 4616 - The system time was changed.
|---- 4618 - A monitored security event pattern has...
|---- 4621 - Administrator recovered system from...
|---- 4622 - A security package has been loaded by...
|---- 4624 - An account was successfully logged on
|---- 4625 - An account failed to log on
|---- 4626 - User/Device claims information
|---- 4634 - An account was logged off
|---- 4646 - IKE DoS-prevention mode started
|---- 4647 - User initiated logoff
|---- 4648 - A logon was attempted using explicit...
|---- 4649 - A replay attack was detected
|---- 4650 - An IPsec Main Mode security...
|---- 4651 - An IPsec Main Mode security...
|---- 4652 - An IPsec Main Mode negotiation failed
|---- 4653 - An IPsec Main Mode negotiation failed
|---- 4654 - An IPsec Quick Mode negotiation failed...
|---- 4655 - An IPsec Main Mode security...
|---- 4656 - A handle to an object was requested
|---- 4657 - A registry value was modified
|---- 4658 - The handle to an object was closed
|---- 4659 - A handle to an object was requested...
|---- 4660 - An object was deleted
|---- 4661 - A handle to an object was requested
|---- 4662 - An operation was performed on an...
|---- 4663 - An attempt was made to access an...
|---- 4664 - An attempt was made to create a hard...
|---- 4665 - An attempt was made to create an...
|---- 4666 - An application attempted an operation
|---- 4667 - An application client context was...
|---- 4668 - An application was initialized
|---- 4670 - Permissions on an object were changed
|---- 4671 - An application attempted to access a...
|---- 4672 - Special privileges assigned to new...
|---- 4673 - A privileged service was called
|---- 4674 - An operation was attempted on a...
|---- 4675 - SIDs were filtered
|---- 4685 - The state of a transaction has changed...
|---- 4688 - A new process has been created
|---- 4689 - A process has exited
|---- 4690 - An attempt was made to duplicate a...
|---- 4691 - Indirect access to an object was...
|---- 4692 - Backup of data protection master key...
|---- 4693 - Recovery of data protection master key...
|---- 4694 - Protection of auditable protected data...
|---- 4695 - Unprotection of auditable protected...
|---- 4696 - A primary token was assigned to...
|---- 4697 - A service was installed in the system
|---- 4698 - A scheduled task was created
|---- 4699 - A scheduled task was deleted
|---- 4700 - A scheduled task was enabled
|---- 4701 - A scheduled task was disabled
|---- 4702 - A scheduled task was updated
|---- 4704 - A user right was assigned
|---- 4705 - A user right was removed
|---- 4706 - A new trust was created to a domain
|---- 4707 - A trust to a domain was removed
|---- 4709 - IPsec Services was started
|---- 4710 - IPsec Services was disabled
|---- 4711 - PAStore Engine (1%)
|---- 4712 - IPsec Services encountered a...
|---- 4713 - Kerberos policy was changed
|---- 4714 - Encrypted data recovery policy was...
|---- 4715 - The audit policy (SACL) on an object...
|---- 4716 - Trusted domain information was...
|---- 4717 - System security access was granted to...
|---- 4718 - System security access was removed...
|---- 4719 - System audit policy was changed
|---- 4720 - A user account was created
|---- 4722 - A user account was enabled
|---- 4723 - An attempt was made to change an...
|---- 4724 - An attempt was made to reset an...
|---- 4725 - A user account was disabled
|---- 4726 - A user account was deleted
|---- 4727 - A security-enabled global group was...
|---- 4728 - A member was added to a...
|---- 4729 - A member was removed from a...
|---- 4730 - A security-enabled global group was...
|---- 4731 - A security-enabled local group was...
|---- 4732 - A member was added to a...
|---- 4733 - A member was removed from a...
|---- 4734 - A security-enabled local group was...
|---- 4735 - A security-enabled local group was...
|---- 4737 - A security-enabled global group was...
|---- 4738 - A user account was changed
|---- 4739 - Domain Policy was changed
|---- 4740 - A user account was locked out
|---- 4741 - A computer account was created
|---- 4742 - A computer account was changed
|---- 4743 - A computer account was deleted
|---- 4744 - A security-disabled local group was...
|---- 4745 - A security-disabled local group was...
|---- 4746 - A member was added to a...
|---- 4747 - A member was removed from a...
|---- 4748 - A security-disabled local group was...
|---- 4749 - A security-disabled global group was...
|---- 4750 - A security-disabled global group was...
|---- 4751 - A member was added to a...
|---- 4752 - A member was removed from a...
|---- 4753 - A security-disabled global group was...
|---- 4754 - A security-enabled universal group was...
|---- 4755 - A security-enabled universal group was...
|---- 4756 - A member was added to a...
|---- 4757 - A member was removed from a...
|---- 4758 - A security-enabled universal group was...
|---- 4759 - A security-disabled universal group...
|---- 4760 - A security-disabled universal group...
|---- 4761 - A member was added to a...
|---- 4762 - A member was removed from a...
|---- 4763 - A security-disabled universal group...
|---- 4764 - A groups type was changed
|---- 4765 - SID History was added to an account
|---- 4766 - An attempt to add SID History to an...
|---- 4767 - A user account was unlocked
|---- 4768 - A Kerberos authentication ticket (TGT)...
|---- 4769 - A Kerberos service ticket was...
|---- 4770 - A Kerberos service ticket was renewed
|---- 4771 - Kerberos pre-authentication failed
|---- 4772 - A Kerberos authentication ticket...
|---- 4773 - A Kerberos service ticket request...
|---- 4774 - An account was mapped for logon
|---- 4775 - An account could not be mapped for...
|---- 4776 - The domain controller attempted to...
|---- 4777 - The domain controller failed to...
|---- 4778 - A session was reconnected to a Window...
|---- 4779 - A session was disconnected from a...
|---- 4780 - The ACL was set on accounts which are...
|---- 4781 - The name of an account was changed
|---- 4782 - The password hash an account was...
|---- 4783 - A basic application group was created
|---- 4784 - A basic application group was changed
|---- 4785 - A member was added to a basic...
|---- 4786 - A member was removed from a basic...
|---- 4787 - A non-member was added to a basic...
|---- 4788 - A non-member was removed from a basic...
|---- 4789 - A basic application group was deleted
|---- 4790 - An LDAP query group was created
|---- 4791 - A basic application group was changed
|---- 4792 - An LDAP query group was deleted
|---- 4793 - The Password Policy Checking API was...
|---- 4794 - An attempt was made to set the...
|---- 4797 - An attempt was made to query the...
|---- 4800 - The workstation was locked
|---- 4801 - The workstation was unlocked
|---- 4802 - The screen saver was invoked
|---- 4803 - The screen saver was dismissed
|---- 4816 - RPC detected an integrity violation...
|---- 4817 - Auditing settings on object were...
|---- 4818 - Proposed Central Access Policy does...
|---- 4819 - Central Access Policies on the machine...
|---- 4820 - A Kerberos Ticket-granting-ticket...
|---- 4821 - A Kerberos service ticket was denied...
|---- 4822 - NTLM authentication failed because the...
|---- 4823 - NTLM authentication failed because...
|---- 4824 - Kerberos preauthentication by using...
|---- 4864 - A namespace collision was detected
|---- 4865 - A trusted forest information entry was...
|---- 4866 - A trusted forest information entry was...
|---- 4867 - A trusted forest information entry was...
|---- 4868 - The certificate manager denied a...
|---- 4869 - Certificate Services received a...
|---- 4870 - Certificate Services revoked a...
|---- 4871 - Certificate Services received a...
|---- 4872 - Certificate Services published the...
|---- 4873 - A certificate request extension...
|---- 4874 - One or more certificate request...
|---- 4875 - Certificate Services received a...
|---- 4876 - Certificate Services backup started
|---- 4877 - Certificate Services backup completed
|---- 4878 - Certificate Services restore started
|---- 4879 - Certificate Services restore completed...
|---- 4880 - Certificate Services started
|---- 4881 - Certificate Services stopped
|---- 4882 - The security permissions for...
|---- 4883 - Certificate Services retrieved an...
|---- 4884 - Certificate Services imported a...
|---- 4885 - The audit filter for Certificate...
|---- 4886 - Certificate Services received a...
|---- 4887 - Certificate Services approved a...
|---- 4888 - Certificate Services denied a...
|---- 4889 - Certificate Services set the status of...
|---- 4890 - The certificate manager settings for...
|---- 4891 - A configuration entry changed in...
|---- 4892 - A property of Certificate Services...
|---- 4893 - Certificate Services archived a key
|---- 4894 - Certificate Services imported and...
|---- 4895 - Certificate Services published the CA...
|---- 4896 - One or more rows have been deleted...
|---- 4897 - Role separation enabled
|---- 4898 - Certificate Services loaded a template...
|---- 4899 - A Certificate Services template was...
|---- 4900 - Certificate Services template security...
|---- 4902 - The Per-user audit policy table was...
|---- 4904 - An attempt was made to register a...
|---- 4905 - An attempt was made to unregister a...
|---- 4906 - The CrashOnAuditFail value has changed...
|---- 4907 - Auditing settings on object were...
|---- 4908 - Special Groups Logon table modified
|---- 4909 - The local policy settings for the TBS...
|---- 4910 - The group policy settings for the TBS...
|---- 4911 - Resource attributes of the object were...
|---- 4912 - Per User Audit Policy was changed
|---- 4913 - Central Access Policy on the object...
|---- 4928 - An Active Directory replica source...
|---- 4929 - An Active Directory replica source...
|---- 4930 - An Active Directory replica source...
|---- 4931 - An Active Directory replica...
|---- 4932 - Synchronization of a replica of an...
|---- 4933 - Synchronization of a replica of an...
|---- 4934 - Attributes of an Active Directory...
|---- 4935 - Replication failure begins
|---- 4936 - Replication failure ends
|---- 4937 - A lingering object was removed from a...
|---- 4944 - The following policy was active when...
|---- 4945 - A rule was listed when the Windows...
|---- 4946 - A change has been made to Windows...
|---- 4947 - A change has been made to Windows...
|---- 4948 - A change has been made to Windows...
|---- 4949 - Windows Firewall settings were...
|---- 4950 - A Windows Firewall setting has changed...
|---- 4951 - A rule has been ignored because its...
|---- 4952 - Parts of a rule have been ignored...
|---- 4953 - A rule has been ignored by Windows...
|---- 4954 - Windows Firewall Group Policy settings...
|---- 4956 - Windows Firewall has changed the...
|---- 4957 - Windows Firewall did not apply the...
|---- 4958 - Windows Firewall did not apply the...
|---- 4960 - IPsec dropped an inbound packet that...
|---- 4961 - IPsec dropped an inbound packet that...
|---- 4962 - IPsec dropped an inbound packet that...
|---- 4963 - IPsec dropped an inbound clear text...
|---- 4964 - Special groups have been assigned to a...
|---- 4965 - IPsec received a packet from a remote...
|---- 4976 - During Main Mode negotiation, IPsec...
|---- 4977 - During Quick Mode negotiation, IPsec...
|---- 4978 - During Extended Mode negotiation,...
|---- 4979 - IPsec Main Mode and Extended Mode...
|---- 4980 - IPsec Main Mode and Extended Mode...
|---- 4981 - IPsec Main Mode and Extended Mode...
|---- 4982 - IPsec Main Mode and Extended Mode...
|---- 4983 - An IPsec Extended Mode negotiation...
|---- 4984 - An IPsec Extended Mode negotiation...
|---- 4985 - The state of a transaction has changed...
|---- 5024 - The Windows Firewall Service has...
|---- 5025 - The Windows Firewall Service has been...
|---- 5027 - The Windows Firewall Service was...
|---- 5028 - The Windows Firewall Service was...
|---- 5029 - The Windows Firewall Service failed to...
|---- 5030 - The Windows Firewall Service failed to...
|---- 5031 - The Windows Firewall Service blocked...
|---- 5032 - Windows Firewall was unable to notify...
|---- 5033 - The Windows Firewall Driver has...
|---- 5034 - The Windows Firewall Driver has been...
|---- 5035 - The Windows Firewall Driver failed to...
|---- 5037 - The Windows Firewall Driver detected...
|---- 5038 - Code integrity determined that the...
|---- 5039 - A registry key was virtualized.
|---- 5040 - A change has been made to IPsec...
|---- 5041 - A change has been made to IPsec...
|---- 5042 - A change has been made to IPsec...
|---- 5043 - A change has been made to IPsec...
|---- 5044 - A change has been made to IPsec...
|---- 5045 - A change has been made to IPsec...
|---- 5046 - A change has been made to IPsec...
|---- 5047 - A change has been made to IPsec...
|---- 5048 - A change has been made to IPsec...
|---- 5049 - An IPsec Security Association was...
|---- 5050 - An attempt to programmatically disable...
|---- 5051 - A file was virtualized
|---- 5056 - A cryptographic self test was...
|---- 5057 - A cryptographic primitive operation...
|---- 5058 - Key file operation
|---- 5059 - Key migration operation
|---- 5060 - Verification operation failed
|---- 5061 - Cryptographic operation
|---- 5062 - A kernel-mode cryptographic self test...
|---- 5063 - A cryptographic provider operation was...
|---- 5064 - A cryptographic context operation was...
|---- 5065 - A cryptographic context modification...
|---- 5066 - A cryptographic function operation was...
|---- 5067 - A cryptographic function modification...
|---- 5068 - A cryptographic function provider...
|---- 5069 - A cryptographic function property...
|---- 5070 - A cryptographic function property...
|---- 5071 - Key access denied by Microsoft key...
|---- 5120 - OCSP Responder Service Started
|---- 5121 - OCSP Responder Service Stopped
|---- 5122 - A Configuration entry changed in the...
|---- 5123 - A configuration entry changed in the...
|---- 5124 - A security setting was updated on OCSP...
|---- 5125 - A request was submitted to OCSP...
|---- 5126 - Signing Certificate was automatically...
|---- 5127 - The OCSP Revocation Provider...
|---- 5136 - A directory service object was...
|---- 5137 - A directory service object was created...
|---- 5138 - A directory service object was...
|---- 5139 - A directory service object was moved
|---- 5140 - A network share object was accessed
|---- 5141 - A directory service object was deleted...
|---- 5142 - A network share object was added
|---- 5143 - A network share object was modified
|---- 5144 - A network share object was deleted
|---- 5145 - A network share object was checked to...
|---- 5146 - The Windows Filtering Platform has...
|---- 5147 - A more restrictive Windows Filtering...
|---- 5148 - The Windows Filtering Platform has...
|---- 5149 - The DoS attack has subsided and normal...
|---- 5150 - The Windows Filtering Platform has...
|---- 5151 - A more restrictive Windows Filtering...
|---- 5152 - The Windows Filtering Platform blocked...
|---- 5153 - A more restrictive Windows Filtering...
|---- 5154 - The Windows Filtering Platform has...
|---- 5155 - The Windows Filtering Platform has...
|---- 5156 - The Windows Filtering Platform has...
|---- 5157 - The Windows Filtering Platform has...
|---- 5158 - The Windows Filtering Platform has...
|---- 5159 - The Windows Filtering Platform has...
|---- 5168 - Spn check for SMB/SMB2 fails
|---- 5376 - Credential Manager credentials were...
|---- 5377 - Credential Manager credentials were...
|---- 5378 - The requested credentials delegation...
|---- 5440 - The following callout was present when...
|---- 5441 - The following filter was present when...
|---- 5442 - The following provider was present...
|---- 5443 - The following provider context was...
|---- 5444 - The following sub-layer was present...
|---- 5446 - A Windows Filtering Platform callout...
|---- 5447 - A Windows Filtering Platform filter...
|---- 5448 - A Windows Filtering Platform provider...
|---- 5449 - A Windows Filtering Platform provider...
|---- 5450 - A Windows Filtering Platform sub-layer...
|---- 5451 - An IPsec Quick Mode security...
|---- 5452 - An IPsec Quick Mode security...
|---- 5453 - An IPsec negotiation with a remote...
|---- 5456 - PAStore Engine applied Active...
|---- 5457 - PAStore Engine failed to apply Active...
|---- 5458 - PAStore Engine applied locally cached...
|---- 5459 - PAStore Engine failed to apply locally...
|---- 5460 - PAStore Engine applied local registry...
|---- 5461 - PAStore Engine failed to apply local...
|---- 5462 - PAStore Engine failed to apply some...
|---- 5463 - PAStore Engine polled for changes to...
|---- 5464 - PAStore Engine polled for changes to...
|---- 5465 - PAStore Engine received a control for...
|---- 5466 - PAStore Engine polled for changes to...
|---- 5467 - PAStore Engine polled for changes to...
|---- 5468 - PAStore Engine polled for changes to...
|---- 5471 - PAStore Engine loaded local storage...
|---- 5472 - PAStore Engine failed to load local...
|---- 5473 - PAStore Engine loaded directory...
|---- 5474 - PAStore Engine failed to load...
|---- 5477 - PAStore Engine failed to add quick...
|---- 5478 - IPsec Services has started...
|---- 5479 - IPsec Services has been shut down...
|---- 5480 - IPsec Services failed to get the...
|---- 5483 - IPsec Services failed to initialize...
|---- 5484 - IPsec Services has experienced a...
|---- 5485 - IPsec Services failed to process some...
|---- 5632 - A request was made to authenticate to...
|---- 5633 - A request was made to authenticate to...
|---- 5712 - A Remote Procedure Call (RPC) was...
|---- 5888 - An object in the COM+ Catalog was...
|---- 5889 - An object was deleted from the COM+...
|---- 5890 - An object was added to the COM+...
|---- 6144 - Security policy in the group policy...
|---- 6145 - One or more errors occured while...
|---- 6272 - Network Policy Server granted access...
|---- 6273 - Network Policy Server denied access to...
|---- 6274 - Network Policy Server discarded the...
|---- 6275 - Network Policy Server discarded the...
|---- 6276 - Network Policy Server quarantined a...
|---- 6277 - Network Policy Server granted access...
|---- 6278 - Network Policy Server granted full...
|---- 6279 - Network Policy Server locked the user...
|---- 6280 - Network Policy Server unlocked the...
|---- 6281 - Code Integrity determined that the...
|---- 6400 - BranchCache: Received an incorrectly...
|---- 6401 - BranchCache: Received invalid data...
|---- 6402 - BranchCache: The message to the hosted...
|---- 6403 - BranchCache: The hosted cache sent an...
|---- 6404 - BranchCache: Hosted cache could not be...
|---- 6405 - BranchCache: %2 instance(s) of event...
|---- 6406 - %1 registered to Windows Firewall to...
|---- 6407 - %1
|---- 6408 - Registered product %1 failed and...
|---- 6409 - BranchCache: A service connection...
|-- Windows Security Settings
|-- Sysmon
All times are GMT -5:00, Time now is 9:05am
Upcoming Webinars
Container Security Fundamentals: How Containers Work in Linux and Docker, How They Differ from VMs and What It Means to Security
Building a Resilient Logging Pipeline: Windows Event Collection Tips and Tricks for When You Are Serious About Log Collection
Real Life Ethical Hack of a Power Station: Inside the mind of a Hacker on how to Successfully Break in and the Lessons Learned
Top 4 Most Dangerous Applications on Every Endpoint; Fighting Back with Detective and Preventive Controls
Threat Detection and Hunting for 5 of the Most Common MITRE ATT&CK Techniques: Connection Proxy, Service Execution, Exfiltration, Masquerading, Drive-by Compromise
Additional Resources
Home
>
Forum
User name:
Password:
/
Forgot?
Register
Home
