@hiddenillusion
Created January 27, 2016 12:52
Event Log Type Category Event Log Name EID Description/Message
evt Logon/Logoff Security 528 successful logon
evt Logon/Logoff Security 538 user logoff
evt Security Controls Security 848 FW policy active when started
evt Security Controls Security 849 app listed as an exception in FW
evt Security Controls Security 851 change made to FW app exception list
evt Security Controls Security 852 change made to FW port exception list
evt Security Controls Security 857 FW setting to allow remote admin has changed
evt Security Controls Security 859 FW group policy settings removed
evt Security Controls Security 860 FW switched active policy profile
evt Security Controls Security 861 FW detected an app listening for incoming traffic
evt SQL Server Security 24000 SQL audit event
evt SQL Server Security 24001 Login succeeded
evt SQL Server Security 24002 Logout succeeded
evt SQL Server Security 24003 Login failed
evt SQL Server Security 24004 Change own password succeeded
evt SQL Server Security 24005 Change own password failed
evt SQL Server Security 24006 Change password succeeded
evt SQL Server Security 24007 Change password failed
evt SQL Server Security 24008 Reset own password succeeded
evt SQL Server Security 24009 Reset own password failed
evt SQL Server Security 24010 Reset password succeeded
evt SQL Server Security 24011 Reset password failed
evt SQL Server Security 24012 Must change password
evt SQL Server Security 24013 Account unlocked
evt SQL Server Security 24014 Change application role password succeeded
evt SQL Server Security 24015 Change application role password failed
evt SQL Server Security 24016 Add member to server role succeeded
evt SQL Server Security 24017 Add member to server role failed
evt SQL Server Security 24018 Remove member from server role succeeded
evt SQL Server Security 24019 Remove member from server role failed
evt SQL Server Security 24020 Add member to database role succeeded
evt SQL Server Security 24021 Add member to database role failed
evt SQL Server Security 24022 Remove member from database role succeeded
evt SQL Server Security 24023 Remove member from database role failed
evt SQL Server Security 24024 Issued database backup command
evt SQL Server Security 24025 Issued transaction log backup command
evt SQL Server Security 24026 Issued database restore command
evt SQL Server Security 24027 Issued transaction log restore command
evt SQL Server Security 24028 Issued database console command
evt SQL Server Security 24029 Issued a bulk administration command
evt SQL Server Security 24030 Issued an alter connection command
evt SQL Server Security 24031 Issued an alter resources command
evt SQL Server Security 24032 Issued an alter server state command
evt SQL Server Security 24033 Issued an alter server settings command
evt SQL Server Security 24034 Issued a view server state command
evt SQL Server Security 24035 Issued an external access assembly command
evt SQL Server Security 24036 Issued an unsafe assembly command
evt SQL Server Security 24037 Issued an alter resource governor command
evt SQL Server Security 24038 Issued a database authenticate command
evt SQL Server Security 24039 Issued a database checkpoint command
evt SQL Server Security 24040 Issued a database show plan command
evt SQL Server Security 24041 Issued a subscribe to query information command
evt SQL Server Security 24042 Issued a view database state command
evt SQL Server Security 24043 Issued a change server audit command
evt SQL Server Security 24044 Issued a change server audit specification command
evt SQL Server Security 24045 Issued a change database audit specification command
evt SQL Server Security 24046 Issued a create server audit command
evt SQL Server Security 24047 Issued a create server audit specification command
evt SQL Server Security 24048 Issued a create database audit specification command
evt SQL Server Security 24049 Issued a delete server audit command
evt SQL Server Security 24050 Issued a delete server audit specification command
evt SQL Server Security 24051 Issued a delete database audit specification command
evt SQL Server Security 24052 Audit failure
evt SQL Server Security 24053 Audit session changed
evt SQL Server Security 24054 Started SQL server
evt SQL Server Security 24055 Paused SQL server
evt SQL Server Security 24056 Resumed SQL server
evt SQL Server Security 24057 Stopped SQL server
evt SQL Server Security 24058 Issued a create server object command
evt SQL Server Security 24059 Issued a change server object command
evt SQL Server Security 24060 Issued a delete server object command
evt SQL Server Security 24061 Issued a create server setting command
evt SQL Server Security 24062 Issued a change server setting command
evt SQL Server Security 24063 Issued a delete server setting command
evt SQL Server Security 24064 Issued a create server cryptographic provider command
evt SQL Server Security 24065 Issued a delete server cryptographic provider command
evt SQL Server Security 24066 Issued a change server cryptographic provider command
evt SQL Server Security 24067 Issued a create server credential command
evt SQL Server Security 24068 Issued a delete server credential command
evt SQL Server Security 24069 Issued a change server credential command
evt SQL Server Security 24070 Issued a change server master key command
evt SQL Server Security 24071 Issued a back up server master key command
evt SQL Server Security 24072 Issued a restore server master key command
evt SQL Server Security 24073 Issued a map server credential to login command
evt SQL Server Security 24074 Issued a remove map between server credential and login command
evt SQL Server Security 24075 Issued a create server principal command
evt SQL Server Security 24076 Issued a delete server principal command
evt SQL Server Security 24077 Issued a change server principal credentials command
evt SQL Server Security 24078 Issued a disable server principal command
evt SQL Server Security 24079 Issued a change server principal default database command
evt SQL Server Security 24080 Issued an enable server principal command
evt SQL Server Security 24081 Issued a change server principal default language command
evt SQL Server Security 24082 Issued a change server principal password expiration command
evt SQL Server Security 24083 Issued a change server principal password policy command
evt SQL Server Security 24084 Issued a change server principal name command
evt SQL Server Security 24085 Issued a create database command
evt SQL Server Security 24086 Issued a change database command
evt SQL Server Security 24087 Issued a delete database command
evt SQL Server Security 24088 Issued a create certificate command
evt SQL Server Security 24089 Issued a change certificate command
evt SQL Server Security 24090 Issued a delete certificate command
evt SQL Server Security 24091 Issued a back up certificate command
evt SQL Server Security 24092 Issued an access certificate command
evt SQL Server Security 24093 Issued a create asymmetric key command
evt SQL Server Security 24094 Issued a change asymmetric key command
evt SQL Server Security 24095 Issued a delete asymmetric key command
evt SQL Server Security 24096 Issued an access asymmetric key command
evt SQL Server Security 24097 Issued a create database master key command
evt SQL Server Security 24098 Issued a change database master key command
evt SQL Server Security 24099 Issued a delete database master key command
evt SQL Server Security 24100 Issued a back up database master key command
evt SQL Server Security 24101 Issued a restore database master key command
evt SQL Server Security 24102 Issued an open database master key command
evt SQL Server Security 24103 Issued a create database symmetric key command
evt SQL Server Security 24104 Issued a change database symmetric key command
evt SQL Server Security 24105 Issued a delete database symmetric key command
evt SQL Server Security 24106 Issued a back up database symmetric key command
evt SQL Server Security 24107 Issued an open database symmetric key command
evt SQL Server Security 24108 Issued a create database object command
evt SQL Server Security 24109 Issued a change database object command
evt SQL Server Security 24110 Issued a delete database object command
evt SQL Server Security 24111 Issued an access database object command
evt SQL Server Security 24112 Issued a create assembly command
evt SQL Server Security 24113 Issued a change assembly command
evt SQL Server Security 24114 Issued a delete assembly command
evt SQL Server Security 24115 Issued a create schema command
evt SQL Server Security 24116 Issued a change schema command
evt SQL Server Security 24117 Issued a delete schema command
evt SQL Server Security 24118 Issued a create database encryption key command
evt SQL Server Security 24119 Issued a change database encryption key command
evt SQL Server Security 24120 Issued a delete database encryption key command
evt SQL Server Security 24121 Issued a create database user command
evt SQL Server Security 24122 Issued a change database user command
evt SQL Server Security 24123 Issued a delete database user command
evt SQL Server Security 24124 Issued a create database role command
evt SQL Server Security 24125 Issued a change database role command
evt SQL Server Security 24126 Issued a delete database role command
evt SQL Server Security 24127 Issued a create application role command
evt SQL Server Security 24128 Issued a change application role command
evt SQL Server Security 24129 Issued a delete application role command
evt SQL Server Security 24130 Issued a change database user login command
evt SQL Server Security 24131 Issued an auto-change database user login command
evt SQL Server Security 24132 Issued a create schema object command
evt SQL Server Security 24133 Issued a change schema object command
evt SQL Server Security 24134 Issued a delete schema object command
evt SQL Server Security 24135 Issued a transfer schema object command
evt SQL Server Security 24136 Issued a create schema type command
evt SQL Server Security 24137 Issued a change schema type command
evt SQL Server Security 24138 Issued a delete schema type command
evt SQL Server Security 24139 Issued a transfer schema type command
evt SQL Server Security 24140 Issued a create XML schema collection command
evt SQL Server Security 24141 Issued a change XML schema collection command
evt SQL Server Security 24142 Issued a delete XML schema collection command
evt SQL Server Security 24143 Issued a transfer XML schema collection command
evt SQL Server Security 24144 Issued an impersonate within server scope command
evt SQL Server Security 24145 Issued an impersonate within database scope command
evt SQL Server Security 24146 Issued a change server object owner command
evt SQL Server Security 24147 Issued a change database owner command
evt SQL Server Security 24148 Issued a change schema owner command
evt SQL Server Security 24150 Issued a change role owner command
evt SQL Server Security 24151 Issued a change database object owner command
evt SQL Server Security 24152 Issued a change symmetric key owner command
evt SQL Server Security 24153 Issued a change certificate owner command
evt SQL Server Security 24154 Issued a change asymmetric key owner command
evt SQL Server Security 24155 Issued a change schema object owner command
evt SQL Server Security 24156 Issued a change schema type owner command
evt SQL Server Security 24157 Issued a change XML schema collection owner command
evt SQL Server Security 24158 Grant server permissions succeeded
evt SQL Server Security 24159 Grant server permissions failed
evt SQL Server Security 24160 Grant server permissions with grant succeeded
evt SQL Server Security 24161 Grant server permissions with grant failed
evt SQL Server Security 24162 Deny server permissions succeeded
evt SQL Server Security 24163 Deny server permissions failed
evt SQL Server Security 24164 Deny server permissions with cascade succeeded
evt SQL Server Security 24165 Deny server permissions with cascade failed
evt SQL Server Security 24166 Revoke server permissions succeeded
evt SQL Server Security 24167 Revoke server permissions failed
evt SQL Server Security 24168 Revoke server permissions with grant succeeded
evt SQL Server Security 24169 Revoke server permissions with grant failed
evt SQL Server Security 24170 Revoke server permissions with cascade succeeded
evt SQL Server Security 24171 Revoke server permissions with cascade failed
evt SQL Server Security 24172 Issued grant server object permissions command
evt SQL Server Security 24173 Issued grant server object permissions with grant command
evt SQL Server Security 24174 Issued deny server object permissions command
evt SQL Server Security 24175 Issued deny server object permissions with cascade command
evt SQL Server Security 24176 Issued revoke server object permissions command
evt SQL Server Security 24177 Issued revoke server object permissions with grant command
evt SQL Server Security 24178 Issued revoke server object permissions with cascade command
evt SQL Server Security 24179 Grant database permissions succeeded
evt SQL Server Security 24180 Grant database permissions failed
evt SQL Server Security 24181 Grant database permissions with grant succeeded
evt SQL Server Security 24182 Grant database permissions with grant failed
evt SQL Server Security 24183 Deny database permissions succeeded
evt SQL Server Security 24184 Deny database permissions failed
evt SQL Server Security 24185 Deny database permissions with cascade succeeded
evt SQL Server Security 24186 Deny database permissions with cascade failed
evt SQL Server Security 24187 Revoke database permissions succeeded
evt SQL Server Security 24188 Revoke database permissions failed
evt SQL Server Security 24189 Revoke database permissions with grant succeeded
evt SQL Server Security 24190 Revoke database permissions with grant failed
evt SQL Server Security 24191 Revoke database permissions with cascade succeeded
evt SQL Server Security 24192 Revoke database permissions with cascade failed
evt SQL Server Security 24193 Issued grant database object permissions command
evt SQL Server Security 24194 Issued grant database object permissions with grant command
evt SQL Server Security 24195 Issued deny database object permissions command
evt SQL Server Security 24196 Issued deny database object permissions with cascade command
evt SQL Server Security 24197 Issued revoke database object permissions command
evt SQL Server Security 24198 Issued revoke database object permissions with grant command
evt SQL Server Security 24199 Issued revoke database object permissions with cascade command
evt SQL Server Security 24200 Issued grant schema permissions command
evt SQL Server Security 24201 Issued grant schema permissions with grant command
evt SQL Server Security 24202 Issued deny schema permissions command
evt SQL Server Security 24203 Issued deny schema permissions with cascade command
evt SQL Server Security 24204 Issued revoke schema permissions command
evt SQL Server Security 24205 Issued revoke schema permissions with grant command
evt SQL Server Security 24206 Issued revoke schema permissions with cascade command
evt SQL Server Security 24207 Issued grant assembly permissions command
evt SQL Server Security 24208 Issued grant assembly permissions with grant command
evt SQL Server Security 24209 Issued deny assembly permissions command
evt SQL Server Security 24210 Issued deny assembly permissions with cascade command
evt SQL Server Security 24211 Issued revoke assembly permissions command
evt SQL Server Security 24212 Issued revoke assembly permissions with grant command
evt SQL Server Security 24213 Issued revoke assembly permissions with cascade command
evt SQL Server Security 24214 Issued grant database role permissions command
evt SQL Server Security 24215 Issued grant database role permissions with grant command
evt SQL Server Security 24216 Issued deny database role permissions command
evt SQL Server Security 24217 Issued deny database role permissions with cascade command
evt SQL Server Security 24218 Issued revoke database role permissions command
evt SQL Server Security 24219 Issued revoke database role permissions with grant command
evt SQL Server Security 24220 Issued revoke database role permissions with cascade command
evt SQL Server Security 24221 Issued grant application role permissions command
evt SQL Server Security 24222 Issued grant application role permissions with grant command
evt SQL Server Security 24223 Issued deny application role permissions command
evt SQL Server Security 24224 Issued deny application role permissions with cascade command
evt SQL Server Security 24225 Issued revoke application role permissions command
evt SQL Server Security 24226 Issued revoke application role permissions with grant command
evt SQL Server Security 24227 Issued revoke application role permissions with cascade command
evt SQL Server Security 24228 Issued grant symmetric key permissions command
evt SQL Server Security 24229 Issued grant symmetric key permissions with grant command
evt SQL Server Security 24230 Issued deny symmetric key permissions command
evt SQL Server Security 24231 Issued deny symmetric key permissions with cascade command
evt SQL Server Security 24232 Issued revoke symmetric key permissions command
evt SQL Server Security 24233 Issued revoke symmetric key permissions with grant command
evt SQL Server Security 24234 Issued revoke symmetric key permissions with cascade command
evt SQL Server Security 24235 Issued grant certificate permissions command
evt SQL Server Security 24236 Issued grant certificate permissions with grant command
evt SQL Server Security 24237 Issued deny certificate permissions command
evt SQL Server Security 24238 Issued deny certificate permissions with cascade command
evt SQL Server Security 24239 Issued revoke certificate permissions command
evt SQL Server Security 24240 Issued revoke certificate permissions with grant command
evt SQL Server Security 24241 Issued revoke certificate permissions with cascade command
evt SQL Server Security 24242 Issued grant asymmetric key permissions command
evt SQL Server Security 24243 Issued grant asymmetric key permissions with grant command
evt SQL Server Security 24244 Issued deny asymmetric key permissions command
evt SQL Server Security 24245 Issued deny asymmetric key permissions with cascade command
evt SQL Server Security 24246 Issued revoke asymmetric key permissions command
evt SQL Server Security 24247 Issued revoke asymmetric key permissions with grant command
evt SQL Server Security 24248 Issued revoke asymmetric key permissions with cascade command
evt SQL Server Security 24249 Issued grant schema object permissions command
evt SQL Server Security 24250 Issued grant schema object permissions with grant command
evt SQL Server Security 24251 Issued deny schema object permissions command
evt SQL Server Security 24252 Issued deny schema object permissions with cascade command
evt SQL Server Security 24253 Issued revoke schema object permissions command
evt SQL Server Security 24254 Issued revoke schema object permissions with grant command
evt SQL Server Security 24255 Issued revoke schema object permissions with cascade command
evt SQL Server Security 24256 Issued grant schema type permissions command
evt SQL Server Security 24257 Issued grant schema type permissions with grant command
evt SQL Server Security 24258 Issued deny schema type permissions command
evt SQL Server Security 24259 Issued deny schema type permissions with cascade command
evt SQL Server Security 24260 Issued revoke schema type permissions command
evt SQL Server Security 24261 Issued revoke schema type permissions with grant command
evt SQL Server Security 24262 Issued revoke schema type permissions with cascade command
evt SQL Server Security 24263 Issued grant XML schema collection permissions command
evt SQL Server Security 24264 Issued grant XML schema collection permissions with grant command
evt SQL Server Security 24265 Issued deny XML schema collection permissions command
evt SQL Server Security 24266 Issued deny XML schema collection permissions with cascade command
evt SQL Server Security 24267 Issued revoke XML schema collection permissions command
evt SQL Server Security 24268 Issued revoke XML schema collection permissions with grant command
evt SQL Server Security 24269 Issued revoke XML schema collection permissions with cascade command
evt SQL Server Security 24270 Issued reference database object permissions command
evt SQL Server Security 24271 Issued send service request command
evt SQL Server Security 24272 Issued check permissions with schema command
evt SQL Server Security 24273 Issued use service broker transport security command
evt SQL Server Security 24274 Issued use database mirroring transport security command
evt SQL Server Security 24275 Issued alter trace command
evt SQL Server Security 24276 Issued start trace command
evt SQL Server Security 24277 Issued stop trace command
evt SQL Server Security 24278 Issued enable trace C2 audit mode command
evt SQL Server Security 24279 Issued disable trace C2 audit mode command
evt SQL Server Security 24280 Issued server full-text command
evt SQL Server Security 24281 Issued select command
evt SQL Server Security 24282 Issued update command
evt SQL Server Security 24283 Issued insert command
evt SQL Server Security 24284 Issued delete command
evt SQL Server Security 24285 Issued execute command
evt SQL Server Security 24286 Issued receive command
evt SQL Server Security 24287 Issued check references command
evt SQL Server Security 24349 Issued a change assembly owner command
evt Suspicious System 104 log was cleared
evt Suspicious System 512 system starting up
evt Suspicious System 513 system shutting down
evt Suspicious System 517 audit log cleared
evtx Logon/Logoff Security 4624 successful logon
evtx System 12 system starting up
evtx System 13 system shutting down
evtx System 1074 restart by user
evtx System 1102 audit log cleared
evtx System 4634 user logoff
evtx System 4944 FW policy active when started
evtx System 4945 app listed as an exception in FW
evtx System 4946 4947 4948 change made to FW app exception list | change made to FW port exception list
evtx System 4954 FW group policy settings removed
evtx System 5154 5155 FW detected an app listening for incoming traffic
evtx System 6005 The Event log service was started
evtx System 6006 The Event log service was stopped
evtx System 7001 user logged in
evtx System 7002 user logged off
evtx System 7036 The Windows Event Log service entered the running/stopped state
evtx Security Controls Microsoft-Windows-Windows Defender%40Operational 5010 Windows Defender scanning for spyware and other potentially unwanted software is disabled.