Event Codes
Windows Common/Useful Event Codes
Ultimate Windows Security Encyclopedia
Type | Event ID |
---|---|
New Process Created | |
User Account Created | |
User Account Enabled | |
Attempt to reset an account's password | |
Delete User | |
User added to a security-enabled global group | |
User added to a security-enabled local group | |
Clear Event Log | |
Logon Success | 4624 (Logon Type 3, 10) |
Logon Failed | 4625 (Logon Type 3, 10) |
A service was installed in the system | |
User Account locked out | |
User Account Unlocked | |
Terminal Service Session Reconnected | |
Terminal Service Session Reconnected | |
User Initiated Logoff | |
Object Permission Changed | |
NTLM over Kerberos (DC attempted to validate the credentials for an account) | |
An attempt was made to access an object | |
A handle to an object was requested with intent to delete | |
An object was deleted | |
Disable Firewall | 2003 |
Create Services | 7030, 7045 |
AppLocker | 8003, 8004, 8006, 8007 |
Service Terminated Unexpectedly | 7034 |
Service Start Type Change (disabled, manual, automatic) | 7040 |
Service Start / Stop | 7036 |
DC sync based activity | 4662 |
Insert USB | 7045; 10000, 10001, 10100; 20001, 20001, 20003; 24576, 24577, 24579 |