Windows Security Log Events



(LOGbinder for SharePoint)
(LOGbinder for SQL Server)
(LOGbinder for Exchange)
(MS Sysinternals Sysmon)
Windows Audit Categories:

Subcategories:

Windows Versions:
Required when sub-category selected.
Category: Account Management
Subcategory: User Account Management
Windows 4720 A user account was created
Windows 4722 A user account was enabled
Windows 4723 An attempt was made to change an account's password
Windows 4724 An attempt was made to reset an accounts password
Windows 4725 A user account was disabled
Windows 4726 A user account was deleted
Windows 4738 A user account was changed
Windows 4740 A user account was locked out
Windows 4765 SID History was added to an account
Windows 4766 An attempt to add SID History to an account failed
Windows 4767 A user account was unlocked
Windows 4780 The ACL was set on accounts which are members of administrators groups
Windows 4781 The name of an account was changed
Windows 4794 An attempt was made to set the Directory Services Restore Mode administrator password
Windows 4797 An attempt was made to query the existence of a blank password for an account
Windows 4798 A user's local group membership was enumerated.
Windows 5376 Credential Manager credentials were backed up
Windows 5377 Credential Manager credentials were restored from a backup

Stay up-to-date on the Latest in Cybersecurity
Sign up for the Ultimate IT Security newsletter to hear about the latest webinars, patches, CVEs, attacks, and more.
Work Email:

 

Upcoming Webinars
Additional Resources
    Encyclopedia
    Event IDs
    All Event IDs
    Audit Policy

    Go To Event ID:

    Security Log
    Quick Reference
    Chart
    Download now!