#security-auditing
12 articles
Windows Events (12)
Windows Event ID 6276 – Microsoft-Windows-Security-Auditing: Special Privileges Assigned to New Logon
Event ID 6276 records when special privileges are assigned to a user account during logon, indicating elevated access rights have been granted for the session.
Windows Event ID 6274 – Microsoft-Windows-Security-Auditing: Special Privileges Assigned to New Logon
Event ID 6274 records when special privileges are assigned to a new user logon session, indicating elevated access rights have been granted for security-sensitive operations.
Windows Event ID 5633 – Security-Auditing: User Account Management Audit Event
Event ID 5633 tracks user account management operations in Windows security auditing, firing when user accounts are created, modified, or deleted through administrative actions.
Windows Event ID 5632 – LSA: Authentication Package Loaded
Event ID 5632 indicates that an authentication package has been loaded by the Local Security Authority (LSA). This security audit event tracks when authentication providers are initialized during system startup or security subsystem changes.
Windows Event ID 5484 – Microsoft-Windows-Security-Auditing: A handle to an object was requested
Event ID 5484 records when a process requests a handle to an object in Windows. This security audit event tracks object access attempts for compliance and security monitoring purposes.
Windows Event ID 5377 – Microsoft-Windows-Security-Auditing: Special Privileges Assigned to New Logon
Event ID 5377 records when special privileges are assigned to a new user logon session, indicating elevated access rights have been granted during authentication.
Windows Event ID 5376 – Microsoft-Windows-Security-Auditing: Credential Manager Credentials Were Backed Up
Event ID 5376 fires when Windows Credential Manager credentials are backed up to a file or external location, indicating potential security activity that requires monitoring.
Windows Event ID 4983 – Microsoft-Windows-Security-Auditing: IPsec Main Mode Authentication Failed
Event ID 4983 indicates an IPsec Main Mode authentication failure during VPN or secure network connection establishment. This security audit event helps identify authentication issues in IPsec communications.
Windows Event ID 4976 – Microsoft-Windows-Security-Auditing: Special Logon
Event ID 4976 records when a user account is granted special privileges during logon, typically for service accounts or administrative access requiring elevated permissions.
Windows Event ID 4963 – Microsoft-Windows-Security-Auditing: Object Access Auditing Disabled
Event ID 4963 indicates that object access auditing has been disabled on a Windows system. This security event fires when audit policies for file, folder, or registry access monitoring are turned off.
Windows Event ID 4960 – Microsoft-Windows-Security-Auditing: IPsec Main Mode Authentication Failed
Event ID 4960 indicates IPsec Main Mode authentication failed during IKE negotiation. This security audit event fires when Windows cannot establish secure IPsec tunnels due to authentication issues.
Windows Event ID 4944 – Microsoft-Windows-Security-Auditing: An account was locked out
Event ID 4944 indicates that a user account has been locked out due to exceeding the maximum number of failed logon attempts within the configured lockout threshold period.