#security-monitoring
5 articles
Windows Events (5)
Windows Event ID 5139 – Microsoft-Windows-Security-Auditing: Registry Value Deleted
Event ID 5139 logs when a registry value is deleted on Windows systems with object access auditing enabled. Critical for security monitoring and compliance tracking.
Windows Event ID 5138 – Microsoft-Windows-Security-Auditing: Registry Value Deleted
Event ID 5138 records when a registry value is deleted on Windows systems with audit policies enabled. This security audit event helps track registry modifications for compliance and security monitoring.
Windows Event ID 4657 – Microsoft-Windows-Security-Auditing: Registry Value Modified
Event ID 4657 logs when a registry value is modified on Windows systems with object access auditing enabled. Critical for security monitoring and compliance tracking.
Windows Event ID 4111 – Microsoft-Windows-Kernel-Process: Process Creation Auditing Event
Event ID 4111 tracks process creation events in Windows when advanced auditing is enabled. This security-focused event provides detailed information about new processes, including parent process details and command line arguments.
Windows Event ID 7045 – Service Control Manager: New Service Installation
Event ID 7045 fires when a new Windows service is installed on the system. This informational event logs service creation details including name, path, and startup type for security monitoring.