Windows Security Log Events



(LOGbinder for SharePoint)
(LOGbinder for SQL Server)
(LOGbinder for Exchange)
(MS Sysinternals Sysmon)
Windows Audit Categories:

Subcategories:

Windows Versions:
Category: Process Tracking
Windows 4688 A new process has been created
Windows 4689 A process has exited
Windows 4692 Backup of data protection master key was attempted
Windows 4693 Recovery of data protection master key was attempted
Windows 4694 Protection of auditable protected data was attempted
Windows 4695 Unprotection of auditable protected data was attempted
Windows 4696 A primary token was assigned to process
Windows 4816 RPC detected an integrity violation while decrypting an incoming message
Windows 5712 A Remote Procedure Call (RPC) was attempted
Windows 6416 A new external device was recognized by the system.
Windows 6419 A request was made to disable a device
Windows 6420 A device was disabled
Windows 6421 A request was made to enable a device
Windows 6422 A device was enabled
Windows 6423 The installation of this device is forbidden by system policy
Windows 6424 The installation of this device was allowed, after having previously been forbidden by policy

Stay up-to-date on the Latest in Cybersecurity
Sign up for the Ultimate IT Security newsletter to hear about the latest webinars, patches, CVEs, attacks, and more.
Work Email:

 

Upcoming Webinars
Additional Resources
    Encyclopedia
    Event IDs
    All Event IDs
    Audit Policy

    Go To Event ID:

    Security Log
    Quick Reference
    Chart
    Download now!