
Some Key Windows Event Logs

| Log Name | Provider Name | Event IDs | Description |
|---|---|---|---|
| System | | 7045 | A service was installed in the system |
| System | | 7030 | ...service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. |
| System | | 1056 | Create RDP certificate |
| Security | | 7045, 10000, 10001, 10100, 20001, 20002, 20003, 24576, 24577, 24579 | Insert USB |
| Security | | 4624 | Account Logon |
| Security | | 4625 | Failed login |
| Security | | 4688 | Process creation logging |
| Security | | 4720 | A user account was created |
| Security | | 4722 | A user account was enabled |
| Security | | 4724, 4738 | Additional user creation events |
| Security | | 4728 | A member was added to a security-enabled global group |
| Security | | 4732 | A member was added to a security-enabled local group |
| Security | | 1102 | Clear Event log |
| Application | EMET | 2 | EMET detected ... mitigation and will close the application: ...exe |
| Firewall | | 2003 | Disable firewall |
| Microsoft-Windows-AppLocker/EXE and DLL | | 8003 | (EXE/MSI) was allowed to run but would have been prevented from running if the AppLocker policy were enforced |
| Microsoft-Windows-AppLocker/EXE and DLL | | 8004 | (EXE/MSI) was prevented from running. |
| Microsoft-Windows-WindowsDefender/Operational | | 1116 | Windows Defender has detected malware or other potentially unwanted software |
| Microsoft-Windows-WindowsDefender/Operational | | 1117 | Windows Defender has taken action to protect this machine from malware or other potentially unwanted software |

Additional Info
A printable PDF version of this cheatsheet is available here:
WindowsEventLogsTable

Cheat Sheet Version


Version 1.0
