Created
January 27, 2016 12:52
-
-
Save hiddenillusion/50d8859a2d08b78e7463 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Event Log Type | Category | Event Log Name | EID | Description/Message | |||
---|---|---|---|---|---|---|---|
evt | Logon/Logoff | Security | 528 | successful logon | |||
evt | Logon/Logoff | Security | 538 | user logoff | |||
evt | Security Controls | Security | 848 | FW policy active when started | |||
evt | Security Controls | Security | 849 | app listed as an exception in FW | |||
evt | Security Controls | Security | 851 | change made to FW app exception list | |||
evt | Security Controls | Security | 852 | change made to FW port exception list | |||
evt | Security Controls | Security | 857 | FW setting to allow remote admin has changed | |||
evt | Security Controls | Security | 859 | FW group policy settings removed | |||
evt | Security Controls | Security | 860 | FW switched active policy profile | |||
evt | Security Controls | Security | 861 | FW detected an app listening for incoming traffic | |||
evt | SQL Server | Security | 24000 | SQL audit event | |||
evt | SQL Server | Security | 24001 | Login succeeded | |||
evt | SQL Server | Security | 24002 | Logout succeeded | |||
evt | SQL Server | Security | 24003 | Login failed | |||
evt | SQL Server | Security | 24004 | Change own password succeeded | |||
evt | SQL Server | Security | 24005 | Change own password failed | |||
evt | SQL Server | Security | 24006 | Change password succeeded | |||
evt | SQL Server | Security | 24007 | Change password failed | |||
evt | SQL Server | Security | 24008 | Reset own password succeeded | |||
evt | SQL Server | Security | 24009 | Reset own password failed | |||
evt | SQL Server | Security | 24010 | Reset password succeeded | |||
evt | SQL Server | Security | 24011 | Reset password failed | |||
evt | SQL Server | Security | 24012 | Must change password | |||
evt | SQL Server | Security | 24013 | Account unlocked | |||
evt | SQL Server | Security | 24014 | Change application role password succeeded | |||
evt | SQL Server | Security | 24015 | Change application role password failed | |||
evt | SQL Server | Security | 24016 | Add member to server role succeeded | |||
evt | SQL Server | Security | 24017 | Add member to server role failed | |||
evt | SQL Server | Security | 24018 | Remove member from server role succeeded | |||
evt | SQL Server | Security | 24019 | Remove member from server role failed | |||
evt | SQL Server | Security | 24020 | Add member to database role succeeded | |||
evt | SQL Server | Security | 24021 | Add member to database role failed | |||
evt | SQL Server | Security | 24022 | Remove member from database role succeeded | |||
evt | SQL Server | Security | 24023 | Remove member from database role failed | |||
evt | SQL Server | Security | 24024 | Issued database backup command | |||
evt | SQL Server | Security | 24025 | Issued transaction log backup command | |||
evt | SQL Server | Security | 24026 | Issued database restore command | |||
evt | SQL Server | Security | 24027 | Issued tranaction log restore command | |||
evt | SQL Server | Security | 24028 | Issued database console command | |||
evt | SQL Server | Security | 24029 | Issued a bulk administration command | |||
evt | SQL Server | Security | 24030 | Issued an alter connection command | |||
evt | SQL Server | Security | 24031 | Issued an alter resources command | |||
evt | SQL Server | Security | 24032 | Issued an alter server state command | |||
evt | SQL Server | Security | 24033 | Issued an alter server settings command | |||
evt | SQL Server | Security | 24034 | Issued a view server state command | |||
evt | SQL Server | Security | 24035 | Issued an external access assembly command | |||
evt | SQL Server | Security | 24036 | Issued an unsafe assembly command | |||
evt | SQL Server | Security | 24037 | Issued an alter resource governor command | |||
evt | SQL Server | Security | 24038 | Issued a database authenticate command | |||
evt | SQL Server | Security | 24039 | Issued a database checkpoint command | |||
evt | SQL Server | Security | 24040 | Issued a database show plan command | |||
evt | SQL Server | Security | 24041 | Issued a subscribe to query information command | |||
evt | SQL Server | Security | 24042 | Issued a view database state command | |||
evt | SQL Server | Security | 24043 | Issued a change server audit command | |||
evt | SQL Server | Security | 24044 | Issued a change server audit specification command | |||
evt | SQL Server | Security | 24045 | Issued a change database audit specification command | |||
evt | SQL Server | Security | 24046 | Issued a create server audit command | |||
evt | SQL Server | Security | 24047 | Issued a create server audit specification command | |||
evt | SQL Server | Security | 24048 | Issued a created database audit specification command | |||
evt | SQL Server | Security | 24049 | Issued a delete server audit command | |||
evt | SQL Server | Security | 24050 | Issued a delete server audit specification command | |||
evt | SQL Server | Security | 24051 | Issued a delete database audit specification command | |||
evt | SQL Server | Security | 24052 | Audit failure | |||
evt | SQL Server | Security | 24053 | Audit session changed | |||
evt | SQL Server | Security | 24054 | Started SQL server | |||
evt | SQL Server | Security | 24055 | Paused SQL server | |||
evt | SQL Server | Security | 24056 | Resumed SQL server | |||
evt | SQL Server | Security | 24057 | Stopped SQL server | |||
evt | SQL Server | Security | 24058 | Issued a create server object command | |||
evt | SQL Server | Security | 24059 | Issued a change server object command | |||
evt | SQL Server | Security | 24060 | Issued a delete server object command | |||
evt | SQL Server | Security | 24061 | Issued a create server setting command | |||
evt | SQL Server | Security | 24062 | Issued a change server setting command | |||
evt | SQL Server | Security | 24063 | Issued a delete server setting command | |||
evt | SQL Server | Security | 24064 | Issued a create server cryptographic provider command | |||
evt | SQL Server | Security | 24065 | Issued a delete server cryptographic provider command | |||
evt | SQL Server | Security | 24066 | Issued a change server cryptographic provider command | |||
evt | SQL Server | Security | 24067 | Issued a create server credential command | |||
evt | SQL Server | Security | 24068 | Issued a delete server credential command | |||
evt | SQL Server | Security | 24069 | Issued a change server credential command | |||
evt | SQL Server | Security | 24070 | Issued a change server master key command | |||
evt | SQL Server | Security | 24071 | Issued a back up server master key command | |||
evt | SQL Server | Security | 24072 | Issued a restore server master key command | |||
evt | SQL Server | Security | 24073 | Issued a map server credential to login command | |||
evt | SQL Server | Security | 24074 | Issued a remove map between server credential and login command | |||
evt | SQL Server | Security | 24075 | Issued a create server principal command | |||
evt | SQL Server | Security | 24076 | Issued a delete server principal command | |||
evt | SQL Server | Security | 24077 | Issued a change server principal credentials command | |||
evt | SQL Server | Security | 24078 | Issued a disable server principal command | |||
evt | SQL Server | Security | 24079 | Issued a change server principal default database command | |||
evt | SQL Server | Security | 24080 | Issued an enable server principal command | |||
evt | SQL Server | Security | 24081 | Issued a change server principal default language command | |||
evt | SQL Server | Security | 24082 | Issued a change server principal password expiration command | |||
evt | SQL Server | Security | 24083 | Issued a change server principal password policy command | |||
evt | SQL Server | Security | 24084 | Issued a change server principal name command | |||
evt | SQL Server | Security | 24085 | Issued a create database command | |||
evt | SQL Server | Security | 24086 | Issued a change database command | |||
evt | SQL Server | Security | 24087 | Issued a delete database command | |||
evt | SQL Server | Security | 24088 | Issued a create certificate command | |||
evt | SQL Server | Security | 24089 | Issued a change certificate command | |||
evt | SQL Server | Security | 24090 | Issued a delete certificate command | |||
evt | SQL Server | Security | 24091 | Issued a back up certificate command | |||
evt | SQL Server | Security | 24092 | Issued an access certificate command | |||
evt | SQL Server | Security | 24093 | Issued a create asymmetic key command | |||
evt | SQL Server | Security | 24094 | Issued a change asymmetic key command | |||
evt | SQL Server | Security | 24095 | Issued a delete asymmetic key command | |||
evt | SQL Server | Security | 24096 | Issued an access asymmetic key command | |||
evt | SQL Server | Security | 24097 | Issued a create database master key command | |||
evt | SQL Server | Security | 24098 | Issued a change database master key command | |||
evt | SQL Server | Security | 24099 | Issued a delete database master key command | |||
evt | SQL Server | Security | 24100 | Issued a back up database master key command | |||
evt | SQL Server | Security | 24101 | Issued a restore database master key command | |||
evt | SQL Server | Security | 24102 | Issued an open database master key command | |||
evt | SQL Server | Security | 24103 | Issued a create database symmetric key command | |||
evt | SQL Server | Security | 24104 | Issued a change database symmetric key command | |||
evt | SQL Server | Security | 24105 | Issued a delete database symmetric key command | |||
evt | SQL Server | Security | 24106 | Issued a back up database symmetric key command | |||
evt | SQL Server | Security | 24107 | Issued an open database symmetric key command | |||
evt | SQL Server | Security | 24108 | Issued a create database object command | |||
evt | SQL Server | Security | 24109 | Issued a change database object command | |||
evt | SQL Server | Security | 24110 | Issued a delete database object command | |||
evt | SQL Server | Security | 24111 | Issued an access database object command | |||
evt | SQL Server | Security | 24112 | Issued a create assembly command | |||
evt | SQL Server | Security | 24113 | Issued a change assembly command | |||
evt | SQL Server | Security | 24114 | Issued a delete assembly command | |||
evt | SQL Server | Security | 24115 | Issued a create schema command | |||
evt | SQL Server | Security | 24116 | Issued a change schema command | |||
evt | SQL Server | Security | 24117 | Issued a delete schema command | |||
evt | SQL Server | Security | 24118 | Issued a create database encryption key command | |||
evt | SQL Server | Security | 24119 | Issued a change database encryption key command | |||
evt | SQL Server | Security | 24120 | Issued a delete database encryption key command | |||
evt | SQL Server | Security | 24121 | Issued a create database user command | |||
evt | SQL Server | Security | 24122 | Issued a change database user command | |||
evt | SQL Server | Security | 24123 | Issued a delete database user command | |||
evt | SQL Server | Security | 24124 | Issued a create database role command | |||
evt | SQL Server | Security | 24125 | Issued a change database role command | |||
evt | SQL Server | Security | 24126 | Issued a delete database role command | |||
evt | SQL Server | Security | 24127 | Issued a create application role command | |||
evt | SQL Server | Security | 24128 | Issued a change application role command | |||
evt | SQL Server | Security | 24129 | Issued a delete application role command | |||
evt | SQL Server | Security | 24130 | Issued a change database user login command | |||
evt | SQL Server | Security | 24131 | Issued an auto-change database user login command | |||
evt | SQL Server | Security | 24132 | Issued a create schema object command | |||
evt | SQL Server | Security | 24133 | Issued a change schema object command | |||
evt | SQL Server | Security | 24134 | Issued a delete schema object command | |||
evt | SQL Server | Security | 24135 | Issued a transfer schema object command | |||
evt | SQL Server | Security | 24136 | Issued a create schema type command | |||
evt | SQL Server | Security | 24137 | Issued a change schema type command | |||
evt | SQL Server | Security | 24138 | Issued a delete schema type command | |||
evt | SQL Server | Security | 24139 | Issued a transfer schema type command | |||
evt | SQL Server | Security | 24140 | Issued a create XML schema collection command | |||
evt | SQL Server | Security | 24141 | Issued a change XML schema collection command | |||
evt | SQL Server | Security | 24142 | Issued a delete XML schema collection command | |||
evt | SQL Server | Security | 24143 | Issued a transfer XML schema collection command | |||
evt | SQL Server | Security | 24144 | Issued an impersonate within server scope command | |||
evt | SQL Server | Security | 24145 | Issued an impersonate within database scope command | |||
evt | SQL Server | Security | 24146 | Issued a change server object owner command | |||
evt | SQL Server | Security | 24147 | Issued a change database owner command | |||
evt | SQL Server | Security | 24148 | Issued a change schema owner command | |||
evt | SQL Server | Security | 24150 | Issued a change role owner command | |||
evt | SQL Server | Security | 24151 | Issued a change database object owner command | |||
evt | SQL Server | Security | 24152 | Issued a change symmetric key owner command | |||
evt | SQL Server | Security | 24153 | Issued a changed certificate owner command | |||
evt | SQL Server | Security | 24154 | Issued a change asymmetric key owner command | |||
evt | SQL Server | Security | 24155 | Issued a change schema object owner command | |||
evt | SQL Server | Security | 24156 | Issued a change schema type owner command | |||
evt | SQL Server | Security | 24157 | Issued a change XML schema collection owner command | |||
evt | SQL Server | Security | 24158 | Grant server permissions succeeded | |||
evt | SQL Server | Security | 24159 | Grant server permissions failed | |||
evt | SQL Server | Security | 24160 | Grant server permissions with grant succeeded | |||
evt | SQL Server | Security | 24161 | Grant server permissions with grant failed | |||
evt | SQL Server | Security | 24162 | Deny server permissions succeeded | |||
evt | SQL Server | Security | 24163 | Deny server permissions failed | |||
evt | SQL Server | Security | 24164 | Deny server permissions with cascade succeeded | |||
evt | SQL Server | Security | 24165 | Deny server permissions with cascade failed | |||
evt | SQL Server | Security | 24166 | Revoke server permissions succeeded | |||
evt | SQL Server | Security | 24167 | Revoke server permissions failed | |||
evt | SQL Server | Security | 24168 | Revoke server permissions with grant succeeded | |||
evt | SQL Server | Security | 24169 | Revoke server permissions with grant failed | |||
evt | SQL Server | Security | 24170 | Revoke server permissions with cascade succeeded | |||
evt | SQL Server | Security | 24171 | Revoke server permissions with cascade failed | |||
evt | SQL Server | Security | 24172 | Issued grant server object permissions command | |||
evt | SQL Server | Security | 24173 | Issued grant server object permissions with grant command | |||
evt | SQL Server | Security | 24174 | Issued deny server object permissions command | |||
evt | SQL Server | Security | 24175 | Issued deny server object permissions with cascade command | |||
evt | SQL Server | Security | 24176 | Issued revoke server object permissions command | |||
evt | SQL Server | Security | 24177 | Issued revoke server object permissions with grant command | |||
evt | SQL Server | Security | 24178 | Issued revoke server object permissions with cascade command | |||
evt | SQL Server | Security | 24179 | Grant database permissions succeeded | |||
evt | SQL Server | Security | 24180 | Grant database permissions failed | |||
evt | SQL Server | Security | 24181 | Grant database permissions with grant succeeded | |||
evt | SQL Server | Security | 24182 | Grant database permissions with grant failed | |||
evt | SQL Server | Security | 24183 | Deny database permissions succeeded | |||
evt | SQL Server | Security | 24184 | Deny database permissions failed | |||
evt | SQL Server | Security | 24185 | Deny database permissions with cascade succeeded | |||
evt | SQL Server | Security | 24186 | Deny database permissions with cascade failed | |||
evt | SQL Server | Security | 24187 | Revoke database permissions succeeded | |||
evt | SQL Server | Security | 24188 | Revoke database permissions failed | |||
evt | SQL Server | Security | 24189 | Revoke database permissions with grant succeeded | |||
evt | SQL Server | Security | 24190 | Revoke database permissions with grant failed | |||
evt | SQL Server | Security | 24191 | Revoke database permissions with cascade succeeded | |||
evt | SQL Server | Security | 24192 | Revoke database permissions with cascade failed | |||
evt | SQL Server | Security | 24193 | Issued grant database object permissions command | |||
evt | SQL Server | Security | 24194 | Issued grant database object permissions with grant command | |||
evt | SQL Server | Security | 24195 | Issued deny database object permissions command | |||
evt | SQL Server | Security | 24196 | Issued deny database object permissions with cascade command | |||
evt | SQL Server | Security | 24197 | Issued revoke database object permissions command | |||
evt | SQL Server | Security | 24198 | Issued revoke database object permissions with grant command | |||
evt | SQL Server | Security | 24199 | Issued revoke database object permissions with cascade command | |||
evt | SQL Server | Security | 24200 | Issued grant schema permissions command | |||
evt | SQL Server | Security | 24201 | Issued grant schema permissions with grant command | |||
evt | SQL Server | Security | 24202 | Issued deny schema permissions command | |||
evt | SQL Server | Security | 24203 | Issued deny schema permissions with cascade command | |||
evt | SQL Server | Security | 24204 | Issued revoke schema permissions command | |||
evt | SQL Server | Security | 24205 | Issued revoke schema permissions with grant command | |||
evt | SQL Server | Security | 24206 | Issued revoke schema permissions with cascade command | |||
evt | SQL Server | Security | 24207 | Issued grant assembly permissions command | |||
evt | SQL Server | Security | 24208 | Issued grant assembly permissions with grant command | |||
evt | SQL Server | Security | 24209 | Issued deny assembly permissions command | |||
evt | SQL Server | Security | 24210 | Issued deny assembly permissions with cascade command | |||
evt | SQL Server | Security | 24211 | Issued revoke assembly permissions command | |||
evt | SQL Server | Security | 24212 | Issued revoke assembly permissions with grant command | |||
evt | SQL Server | Security | 24213 | Issued revoke assembly permissions with cascade command | |||
evt | SQL Server | Security | 24214 | Issued grant database role permissions command | |||
evt | SQL Server | Security | 24215 | Issued grant database role permissions with grant command | |||
evt | SQL Server | Security | 24216 | Issued deny database role permissions command | |||
evt | SQL Server | Security | 24217 | Issued deny database role permissions with cascade command | |||
evt | SQL Server | Security | 24218 | Issued revoke database role permissions command | |||
evt | SQL Server | Security | 24219 | Issued revoke database role permissions with grant command | |||
evt | SQL Server | Security | 24220 | Issued revoke database role permissions with cascade command | |||
evt | SQL Server | Security | 24221 | Issued grant application role permissions command | |||
evt | SQL Server | Security | 24222 | Issued grant application role permissions with grant command | |||
evt | SQL Server | Security | 24223 | Issued deny application role permissions command | |||
evt | SQL Server | Security | 24224 | Issued deny application role permissions with cascade command | |||
evt | SQL Server | Security | 24225 | Issued revoke application role permissions command | |||
evt | SQL Server | Security | 24226 | Issued revoke application role permissions with grant command | |||
evt | SQL Server | Security | 24227 | Issued revoke application role permissions with cascade command | |||
evt | SQL Server | Security | 24228 | Issued grant symmetric key permissions command | |||
evt | SQL Server | Security | 24229 | Issued grant symmetric key permissions with grant command | |||
evt | SQL Server | Security | 24230 | Issued deny symmetric key permissions command | |||
evt | SQL Server | Security | 24231 | Issued deny symmetric key permissions with cascade command | |||
evt | SQL Server | Security | 24232 | Issued revoke symmetric key permissions command | |||
evt | SQL Server | Security | 24233 | Issued revoke symmetric key permissions with grant command | |||
evt | SQL Server | Security | 24234 | Issued revoke symmetric key permissions with cascade command | |||
evt | SQL Server | Security | 24235 | Issued grant certificate permissions command | |||
evt | SQL Server | Security | 24236 | Issued grant certificate permissions with grant command | |||
evt | SQL Server | Security | 24237 | Issued deny certificate permissions command | |||
evt | SQL Server | Security | 24238 | Issued deny certificate permissions with cascade command | |||
evt | SQL Server | Security | 24239 | Issued revoke certificate permissions command | |||
evt | SQL Server | Security | 24240 | Issued revoke certificate permissions with grant command | |||
evt | SQL Server | Security | 24241 | Issued revoke certificate permissions with cascade command | |||
evt | SQL Server | Security | 24242 | Issued grant asymmetric key permissions command | |||
evt | SQL Server | Security | 24243 | Issued grant asymmetric key permissions with grant command | |||
evt | SQL Server | Security | 24244 | Issued deny asymmetric key permissions command | |||
evt | SQL Server | Security | 24245 | Issued deny asymmetric key permissions with cascade command | |||
evt | SQL Server | Security | 24246 | Issued revoke asymmetric key permissions command | |||
evt | SQL Server | Security | 24247 | Issued revoke asymmetric key permissions with grant command | |||
evt | SQL Server | Security | 24248 | Issued revoke asymmetric key permissions with cascade command | |||
evt | SQL Server | Security | 24249 | Issued grant schema object permissions command | |||
evt | SQL Server | Security | 24250 | Issued grant schema object permissions with grant command | |||
evt | SQL Server | Security | 24251 | Issued deny schema object permissions command | |||
evt | SQL Server | Security | 24252 | Issued deny schema object permissions with cascade command | |||
evt | SQL Server | Security | 24253 | Issued revoke schema object permissions command | |||
evt | SQL Server | Security | 24254 | Issued revoke schema object permissions with grant command | |||
evt | SQL Server | Security | 24255 | Issued revoke schema object permissions with cascade command | |||
evt | SQL Server | Security | 24256 | Issued grant schema type permissions command | |||
evt | SQL Server | Security | 24257 | Issued grant schema type permissions with grant command | |||
evt | SQL Server | Security | 24258 | Issued deny schema type permissions command | |||
evt | SQL Server | Security | 24259 | Issued deny schema type permissions with cascade command | |||
evt | SQL Server | Security | 24260 | Issued revoke schema type permissions command | |||
evt | SQL Server | Security | 24261 | Issued revoke schema type permissions with grant command | |||
evt | SQL Server | Security | 24262 | Issued revoke schema type permissions with cascade command | |||
evt | SQL Server | Security | 24263 | Issued grant XML schema collection permissions command | |||
evt | SQL Server | Security | 24264 | Issued grant XML schema collection permissions with grant command | |||
evt | SQL Server | Security | 24265 | Issued deny XML schema collection permissions command | |||
evt | SQL Server | Security | 24266 | Issued deny XML schema collection permissions with cascade command | |||
evt | SQL Server | Security | 24267 | Issued revoke XML schema collection permissions command | |||
evt | SQL Server | Security | 24268 | Issued revoke XML schema collection permissions with grant command | |||
evt | SQL Server | Security | 24269 | Issued revoke XML schema collection permissions with cascade command | |||
evt | SQL Server | Security | 24270 | Issued reference database object permissions command | |||
evt | SQL Server | Security | 24271 | Issued send service request command | |||
evt | SQL Server | Security | 24272 | Issued check permissions with schema command | |||
evt | SQL Server | Security | 24273 | Issued use service broker transport security command | |||
evt | SQL Server | Security | 24274 | Issued use database mirroring transport security command | |||
evt | SQL Server | Security | 24275 | Issued alter trace command | |||
evt | SQL Server | Security | 24276 | Issued start trace command | |||
evt | SQL Server | Security | 24277 | Issued stop trace command | |||
evt | SQL Server | Security | 24278 | Issued enable trace C2 audit mode command | |||
evt | SQL Server | Security | 24279 | Issued disable trace C2 audit mode command | |||
evt | SQL Server | Security | 24280 | Issued server full-text command | |||
evt | SQL Server | Security | 24281 | Issued select command | |||
evt | SQL Server | Security | 24282 | Issued update command | |||
evt | SQL Server | Security | 24283 | Issued insert command | |||
evt | SQL Server | Security | 24284 | Issued delete command | |||
evt | SQL Server | Security | 24285 | Issued execute command | |||
evt | SQL Server | Security | 24286 | Issued receive command | |||
evt | SQL Server | Security | 24287 | Issued check references command | |||
evt | SQL Server | Security | 24349 | Issued a change assembly owner command | |||
evt | Suspicious | System | 104 | log was cleared | |||
evt | Suspicious | System | 512 | system starting up | |||
evt | Suspicious | System | 513 | system shutting down | |||
evt | Suspicious | System | 517 | audit log cleared | |||
evtx | Logon/Logoff | Security | 4624 | successful logon | |||
evtx | System | 12 | system starting up | ||||
evtx | System | 13 | system shutting down | ||||
evtx | System | 1074 | restart by user | ||||
evtx | System | 1102 | audit log cleared | ||||
evtx | System | 4634 | user logoff | ||||
evtx | System | 4944 | FW policy active when started | ||||
evtx | System | 4945 | app listed as an exception in FW | ||||
evtx | System | 4946 | 4947 | 4948 | change made to FW app exception list | change made to FW port exception list | ||
evtx | System | 4954 | FW group policy settings removed | ||||
evtx | System | 5154 | 5155 | FW detected an app listening for incoming traffic | |||
evtx | System | 6005 | The Event log service was started | ||||
evtx | System | 6006 | The Event log service was stopped | ||||
evtx | System | 7001 | user logged in | ||||
evtx | System | 7002 | user logged off | ||||
evtx | System | 7036 | The Windows Event Log service entered the running/stopped state | ||||
evtx | Security Controls | Microsoft-Windows-Windows Defender%40Operational | 5010 | Windows Defender scanning for spyware and other potentially unwanted software is disabled. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment