| event_id | source | description |
|---|---|---|
| 104 | Microsoft-Windows-Eventlog | Attackers tend to clear logs in order to hide previous activity. |
| 104 | Eventlog | Attackers tend to clear logs in order to hide previous activity. |
| 517 | Security | Attackers tend to clear logs in order to hide previous activity. |
| 1000 | Application Error | Critical application error |
| 1001 | Microsoft-Windows-WER-SystemErrorReporting | Blue Screen of Death |
| 1002 | Application Hang | Application hang |
| 1076 | USER32 | An admin provided a reason for an unexpected restart |
| 1102 | Eventlog | Attackers tend to clear logs in order to hide previous activity. |
| 2004 | Microsoft-Windows-Windows Firewall with Advanced Security | Firewall rule added |
| 2006 | Microsoft-Windows-Windows Firewall with Advanced Security | Firewall rule deleted |
| 2033 | Microsoft-Windows-Windows Firewall with Advanced Security | Firewall rule deleted |
| 4608 | Microsoft Windows security auditing | The computer has been restarted - not a usual event. |
| 4625 | Microsoft Windows security auditing | A user failed to log on |
| 4663 | Microsoft-Windows-Security-Auditing | An audited object has been accessed. |
| 4719 | Microsoft-Windows-Security-Auditing | System audit policy was changed |
| 4728 | Microsoft-Windows-Security-Auditing | User Added to Privileged Group |
| 4732 | Microsoft-Windows-Security-Auditing | User Added to Privileged Group |
| 4735 | Microsoft-Windows-Security-Auditing | Security-Enabled Group Modification |
| 4740 | Microsoft-Windows-Security-Auditing | Account lockout |
| 4756 | Microsoft-Windows-Security-Auditing | User Added to Privileged Group |
| 7045 | Service Control Manager | Installation of a new service is not a typical event. |