Event Codes
Windows Common/Useful Event Codes
Last updated
Windows Common/Useful Event Codes
Last updated
Ultimate Windows Security Encyclopedia
New Process Created
User Account Created
User Account Enabled
Attempts to reset accounts password
Delete User
User added to a security-enabled global group
User added to a security-enabled local group
Clear Event Log
Logon Success
Logon Failed
A service was installed in the system
User Account locked out
User Account Unlocked
Terminal Service Session Reconnected
Terminal Service Session Reconnected
User Initiated Logoff
Object Permission Changed
NTLM over kerberos (DC attempted to validate the credentials for an account)
An attempt was made to access an object
A handle to an object was requested with intent to delete
An object was deleted
Disable Firewall
2003
Create Services
7030, 7045
Applocker
8003, 8004, 8006, 8007
Service Terminated Unexpectedly
7034
Service Start Type Change (disabled, manual, automatic)
7040
Service Start / Stop
7036
DC sync based activity
4662
Insert USB
7045 10000, 10001, 10100 20001, 20001, 20003 24576, 24577, 24579
(Logon Type 3, 10)
(Logon Type 3, 10)