Windows Security Log Events
All Sources
Windows Audit
SharePoint Audit
(
LOGbinder for SharePoint
)
SQL Server Audit
(
LOGbinder for SQL Server
)
Exchange Audit
(
LOGbinder for Exchange
)
Sysmon
(
MS Sysinternals Sysmon
)
Windows Audit Categories:
All categories
Account Logon
Account Management
Directory Service
Logon/Logoff
Non Audit (Event Log)
Object Access
Policy Change
Privilege Use
Process Tracking
System
Uncategorized
Subcategories:
All subcategories
Application Generated
Central Policy Staging
Certification Services
Detailed File Share
File Share
File System
Filtering Platform Connection
Filtering Platform Packet Drop
Handle Manipulation
Kernel Object
Other Object Access Events
Registry
SAM
Windows Versions:
All events
Win2000, XP and Win2003 only
Win2008, Win2012R2, Win2016 and Win10+, Win2019
Required when sub-category selected.
Category:
Object Access
Subcategory:
File System
Windows
4656
A handle to an object was requested
Windows
4658
The handle to an object was closed
Windows
4659
A handle to an object was requested with intent to delete
Windows
4660
An object was deleted
Windows
4663
An attempt was made to access an object
Windows
4664
An attempt was made to create a hard link
Windows
4670
Permissions on an object were changed
Windows
4985
The state of a transaction has changed
Stay up-to-date on the Latest in Cybersecurity
Sign up for the Ultimate IT Security newsletter to hear about the latest webinars, patches, CVEs, attacks, and more.
Work Email:
Upcoming Webinars
Identity-First Security for AI Agents: Defending a New Attack Surface Across Cloud and SaaS
Additional Resources
Encyclopedia
•
Event IDs
•
All Event IDs
•
Audit Policy
Go To Event ID:
Security Log
Quick Reference
Chart
Download now!
Tweet
User name:
Password:
/
Forgot?
Register
April 2026
Patch Tuesday
"Patch Tuesday- Only 2 Zero-Days but a Massive Month of Updates " - sponsored by LOGbinder
Home
Cookies help us deliver the best experience on our website. By using our website, you agree to the use of cookies.