Windows Security Log Events



(LOGbinder for SharePoint)
(LOGbinder for SQL Server)
(LOGbinder for Exchange)
(MS Sysinternals Sysmon)
Windows Audit Categories:

Subcategories:

Windows Versions:

Required when sub-category selected.
Category: Object Access
Subcategory: Other Object Access Events
Windows 4656 A handle to an object was requested
Windows 4658 The handle to an object was closed
Windows 4659 A handle to an object was requested with intent to delete
Windows 4660 An object was deleted
Windows 4663 An attempt was made to access an object
Windows 4671 An application attempted to access a blocked ordinal through the TBS
Windows 4691 Indirect access to an object was requested
Windows 4698 A scheduled task was created
Windows 4699 A scheduled task was deleted
Windows 4700 A scheduled task was enabled
Windows 4701 A scheduled task was disabled
Windows 4702 A scheduled task was updated
Windows 5148 The Windows Filtering Platform has detected a DoS attack and entered a defensive mode; packets associated with this attack will be discarded.
Windows 5149 The DoS attack has subsided and normal processing is being resumed.
Windows 5888 An object in the COM+ Catalog was modified
Windows 5889 An object was deleted from the COM+ Catalog

Stay up-to-date on the Latest in Cybersecurity
Sign up for the Ultimate IT Security newsletter to hear about the latest webinars, patches, CVEs, attacks, and more.
Work Email:

 

Upcoming Webinars
Additional Resources