#registry-auditing

3 articles

Windows Events3

Windows security monitoring dashboard displaying Event ID 5139 registry deletion events in Event Viewer

Windows Event ID 5139 – Microsoft-Windows-Security-Auditing: Registry Value Deleted

Event ID 5139 logs when a registry value is deleted on Windows systems with object access auditing enabled. Critical for security monitoring and compliance tracking.

March 1812 min

Windows security monitoring dashboard showing registry audit events and system logs

Event 5138

Microsoft-Windows-Security-Auditing

Windows EventInformation

Windows Event ID 5138 – Microsoft-Windows-Security-Auditing: Registry Value Deleted

Event ID 5138 records when a registry value is deleted on Windows systems with audit policies enabled. This security audit event helps track registry modifications for compliance and security monitoring.

March 189 min

Security analyst monitoring Windows Event ID 4657 registry audit logs on multiple screens in a SOC environment

Event 4657

Microsoft-Windows-Security-Auditing

Windows EventInformation

Windows Event ID 4657 – Microsoft-Windows-Security-Auditing: Registry Value Modified

Event ID 4657 logs when a registry value is modified on Windows systems with object access auditing enabled. Critical for security monitoring and compliance tracking.

March 1812 min