Low

Low Priority Events and Notifications


Active Directory Account Deleted
    Active Directory - Account Deleted
Active Directory Group Membership Changed
    Active Directory - Group Membership Changed
Application Hang Detected
    Application Hang Detected
Firewall Internet Connection Latency Or Packet Loss
    Firewall internet connection latency or packet loss
Service Control Manager Error
    Windows Service Control Manager Error
PAStore Engine Applied Locally Cached Copy Of Active Directory Storage IPsec Policy On The Computer
    May contain any one of the following: PAStore Engine applied locally cached copy of Active Directory storage IPsec policy on the computer. PAStore Engine applied Active Directory storage IPsec policy on the computer. PAStore Engine applied local registry storage IPsec policy on the computer. PAStore Engine failed to apply locally cached copy of Active Directory storage IPsec policy on the computer. PAStore Engine failed to apply Active Directory storage IPsec policy on the computer. PAStore Engine failed to apply local registry storage IPsec policy on the computer. PAStore Engine failed to apply some rules of the active IPsec policy on the computer. PAStore Engine failed to load directory storage IPsec policy on the computer. PAStore Engine loaded directory storage IPsec policy on the computer. PAStore Engine failed to load local storage IPsec policy on the computer. PAStore Engine loaded local storage IPsec policy on the computer.PAStore Engine polled for changes to the active IPsec policy and detected no changes.
Application Hang Detected
    Application Hang Detected
New Application Installation
    Event Source - Microsoft-Windows-Application-Experience - Event Log - Microsoft-Windows-Application-Experience/Program-Inventory
A Privileged Service Was Called
    A privileged service was called.
A Basic Application Group Was Changed
    A basic application group was changed.
A Basic Application Group Was Created
    A basic application group was created.
A Basic Application Group Was Deleted
    A basic application group was deleted.
A Certificate Request Extension Changed
    A certificate request extension changed.
A Change Has Been Made To IPsec Settings A Connection Security Rule Was Added
    A change has been made to IPsec settings. A Connection Security Rule was added.
A Change Has Been Made To IPsec Settings A Connection Security Rule Was Deleted
    A change has been made to IPsec settings. A Connection Security Rule was deleted.
A Change Has Been Made To IPsec Settings A Connection Security Rule Was Modified
    A change has been made to IPsec settings. A Connection Security Rule was modified.
A Change Has Been Made To IPsec Settings A Crypto Set Was Added
    A change has been made to IPsec settings. A Crypto Set was added.
A Change Has Been Made To IPsec Settings A Crypto Set Was Deleted
    A change has been made to IPsec settings. A Crypto Set was deleted.
A Change Has Been Made To IPsec Settings A Crypto Set Was Modified
    A change has been made to IPsec settings. A Crypto Set was modified.
A Change Has Been Made To IPsec Settings An Authentication Set Was Added
    A change has been made to IPsec settings. An Authentication Set was added.
A Change Has Been Made To IPsec Settings An Authentication Set Was Deleted
    A change has been made to IPsec settings. An Authentication Set was deleted.
A Change Has Been Made To IPsec Settings An Authentication Set Was Modified
    A change has been made to IPsec settings. An Authentication Set was modified.
A Change Has Been Made To Windows Firewall Exception List A Rule Was Added
    A change has been made to Windows Firewall exception list. A rule was added.
A Change Has Been Made To Windows Firewall Exception List A Rule Was Deleted
    A change has been made to Windows Firewall exception list. A rule was deleted.
A Change Has Been Made To Windows Firewall Exception List A Rule Was Modified
    A change has been made to Windows Firewall exception list. A rule was modified.
A Computer Account Was Changed
    A computer account was changed.
A Computer Account Was Changed
    A computer account was changed.
A Computer Account Was Deleted
    A computer account was deleted.
A Configuration Entry Changed In Certificate Services
    A configuration entry changed in Certificate Services.
A Cryptographic Context Modification Was Attempted
    A cryptographic context modification was attempted.
A Cryptographic Context Operation Was Attempted
    A cryptographic context operation was attempted.
A Cryptographic Function Modification Was Attempted
    A cryptographic function modification was attempted.
A Cryptographic Function Operation Was Attempted
    A cryptographic function operation was attempted.
A Cryptographic Function Property Modification Was Attempted
    A cryptographic function property modification was attempted.
A Cryptographic Function Property Operation Was Attempted
    A cryptographic function property operation was attempted.
A Cryptographic Function Provider Operation Was Attempted
    A cryptographic function provider operation was attempted.
A Cryptographic Primitive Operation Failed
    A cryptographic primitive operation failed.
A Cryptographic Provider Operation Was Attempted
    A cryptographic provider operation was attempted.
A Cryptographic Self Test Was Performed
    A cryptographic self test was performed.
A Directory Service Object Was Created
    A directory service object was created.
A Directory Service Object Was Deleted
    A directory service object was deleted.
A Directory Service Object Was Modified
    A directory service object was modified.
A Directory Service Object Was Moved
    A directory service object was moved.
A Directory Service Object Was Undeleted
    A directory service object was undeleted.
A File Was Virtualized
    A file was virtualized.
A Handle To An Object Was Requested
    A handle to an object was requested.
A Handle To An Object Was Requested
    A handle to an object was requested.
A Handle To An Object Was Requested
    A handle to an object was requested.
A Handle To An Object Was Requested With Intent To Delete
    A handle to an object was requested with intent to delete.
A Kerberos Authentication Ticket Request Failed
    A Kerberos authentication ticket request failed.
A Kerberos Service Ticket Was Renewed
    A Kerberos service ticket was renewed.
A Kernel Mode Cryptographic Self Test Was Performed
    A kernel-mode cryptographic self test was performed.
A Lingering Object Was Removed From A Replica
    A lingering object was removed from a replica.
A Logon Was Attempted Using Explicit Credentials
    A logon was attempted using explicit credentials.
A Member Was Added To A Basic Application Group
    A member was added to a basic application group.
A Member Was Added To A Security Disabled Global Group
    A member was added to a security-disabled global group.
A Member Was Added To A Security Disabled Local Group
    A member was added to a security-disabled local group.
A Member Was Added To A Security Disabled Universal Group
    A member was added to a security-disabled universal group.
A Member Was Added To A Security Enabled Global Group
    A member was added to a security-enabled global group.
A Member Was Added To A Security Enabled Local Group
    A member was added to a security-enabled local group.
A Member Was Added To A Security Enabled Universal Group
    A member was added to a security-enabled universal group.
A Member Was Removed From A Basic Application Group
    A member was removed from a basic application group.
A Member Was Removed From A Security Disabled Global Group
    A member was removed from a security-disabled global group.
A Member Was Removed From A Security Disabled Local Group
    A member was removed from a security-disabled local group.
A Member Was Removed From A Security Disabled Universal Group
    A member was removed from a security-disabled universal group.
A Member Was Removed From A Security Enabled Global Group
    A member was removed from a security-enabled global group.
A Member Was Removed From A Security Enabled Local Group
    A member was removed from a security-enabled local group.
A Member Was Removed From A Security Enabled Universal Group
    A member was removed from a security-enabled universal group.
A More Restrictive Windows Filtering Platform Filter Has Blocked A Packet
    A more restrictive Windows Filtering Platform filter has blocked a packet.
A Namespace Collision Was Detected
    A namespace collision was detected.
A Network Share Object Was Accessed
    A network share object was accessed.
A New Process Has Been Created
    A new process has been created.
A Nonmember Was Added To A Basic Application Group
    A nonmember was added to a basic application group.
A Nonmember Was Removed From A Basic Application Group
    A nonmember was removed from a basic application group.
A Notification Package Has Been Loaded By The Security Account Manager
    A notification package has been loaded by the Security Account Manager.
A Primary Token Was Assigned To Process
    A primary token was assigned to process.
A Process Has Exited
    A process has exited.
A Registry Key Was Virtualized
    A registry key was virtualized.
A Registry Value Was Modified
    A registry value was modified.
A Remote Procedure Call (RPC) Was Attempted
    A Remote Procedure Call (RPC) was attempted.
A Request Was Made To Authenticate To A Wired Network
    A request was made to authenticate to a wired network.
A Request Was Made To Authenticate To A Wireless Network
    A request was made to authenticate to a wireless network.
A Request Was Submitted To The OCSP Responder Service
    A request was submitted to the OCSP Responder Service
A Rule Has Been Ignored Because Its Major Version Number Was Not Recognized By Windows Firewall
    A rule has been ignored because its major version number was not recognized by Windows Firewall.
A Rule Has Been Ignored By Windows Firewall Because IT Could Not Parse The Rule
    A rule has been ignored by Windows Firewall because it could not parse the rule.
A Rule Was Listed When The Windows Firewall Started
    A rule was listed when the Windows Firewall started.
A Scheduled Task Was Created
    A scheduled task was created.
A Scheduled Task Was Deleted
    A scheduled task was deleted.
A Scheduled Task Was Disabled
    A scheduled task was disabled.
A Scheduled Task Was Enabled
    A scheduled task was enabled.
A Scheduled Task Was Updated
    A scheduled task was updated.
A Security Disabled Global Group Was Changed
    A security-disabled global group was changed.
A Security Disabled Global Group Was Created
    A security-disabled global group was created.
A Security Disabled Global Group Was Deleted
    A security-disabled global group was deleted.
A Security Disabled Local Group Was Changed
    A security-disabled local group was changed.
A Security Disabled Local Group Was Created
    A security-disabled local group was created.
A Security Disabled Local Group Was Deleted
    A security-disabled local group was deleted.
A Security Disabled Universal Group Was Changed
    A security-disabled universal group was changed.
A Security Disabled Universal Group Was Created
    A security-disabled universal group was created.
A Security Enabled Global Group Was Deleted
    A security-enabled global group was deleted.
A Security Enabled Local Group Was Created
    A security-enabled local group was created.
A Security Enabled Local Group Was Deleted
    A security-enabled local group was deleted.
A Security Enabled Universal Group Was Deleted
    A security-enabled universal group was deleted.
A Security Package Has Been Loaded By The Local Security Authority
    A security package has been loaded by the Local Security Authority.
A Session Was Disconnected From A Window Station
    A session was disconnected from a Window Station.
A Session Was Reconnected To A Window Station
    A session was reconnected to a Window Station.
A Trust To A Domain Was Removed
    A trust to a domain was removed.
A Trusted Logon Process Has Been Registered With The Local Security Authority
    A trusted logon process has been registered with the Local Security Authority.
A User Account Was Changed
    A user account was changed.
A User Account Was Created
    A user account was created.
A User Account Was Deleted
    A user account was deleted.
A User Account Was Disabled
    A user account was disabled.
A User Account Was Enabled
    A user account was enabled.
A User Account Was Locked Out
    A user account was locked out.
A User Account Was Unlocked
    A user account was unlocked.
A User Right Was Assigned
    A user right was assigned.
A User Right Was Removed
    A user right was removed.
A Windows Filtering Platform Callout Has Been Changed
    A Windows Filtering Platform callout has been changed.
A Windows Filtering Platform Filter Has Been Changed
    A Windows Filtering Platform filter has been changed.
A Windows Filtering Platform Provider Context Has Been Changed
    A Windows Filtering Platform provider context has been changed.
A Windows Filtering Platform Provider Has Been Changed
    A Windows Filtering Platform provider has been changed.
A Windows Filtering Platform Sublayer Has Been Changed
    A Windows Filtering Platform sublayer has been changed.
A Windows Firewall Setting Has Changed
    A Windows Firewall setting has changed.
An Account Could Not Be Mapped For Logon
    An account could not be mapped for logon.
An Account Failed To Log On
    An account failed to log on.
An Account Was Logged Off
    An account was logged off.
An Account Was Mapped For Logon
    An account was mapped for logon.
An Account Was Successfully Logged On
    An account was successfully logged on.
An Active Directory Replica Destination Naming Context Was Modified
    An Active Directory replica destination naming context was modified.
An Active Directory Replica Source Naming Context Was Established
    An Active Directory replica source naming context was established.
An Active Directory Replica Source Naming Context Was Modified
    An Active Directory replica source naming context was modified.
An Active Directory Replica Source Naming Context Was Removed
    An Active Directory replica source naming context was removed.
An Application Attempted An Operation:
    An application attempted an operation:
An Application Attempted To Access A Blocked Ordinal Through The TBS
    An application attempted to access a blocked ordinal through the TBS.
An Application Client Context Was Deleted
    An application client context was deleted.
An Application Was Initialized
    An application was initialized.
An Attempt To Programmatically Disable The Windows Firewall Using A Call To InetFwProfile FirewallEnabled(False)
    An attempt to programmatically disable the Windows Firewall using a call to InetFwProfile.FirewallEnabled(False)
An Attempt Was Made To Access An Object
    An attempt was made to access an object.
An Attempt Was Made To Change An Account's Password
    An attempt was made to change an account’s password.
An Attempt Was Made To Create A Hard Link
    An attempt was made to create a hard link.
An Attempt Was Made To Create An Application Client Context
    An attempt was made to create an application client context.
An Attempt Was Made To Duplicate A Handle To An Object
    An attempt was made to duplicate a handle to an object.
An Attempt Was Made To Register A Security Event Source
    An attempt was made to register a security event source.
An Attempt Was Made To Unregister A Security Event Source
    An attempt was made to unregister a security event source.
An Authentication Package Has Been Loaded By The Local Security Authority
    An authentication package has been loaded by the Local Security Authority.
An IPsec Main Mode Negotiation Failed
    An IPsec Main Mode negotiation failed.
An IPsec Main Mode Negotiation Failed
    An IPsec Main Mode negotiation failed.
An IPsec Main Mode Security Association Ended
    An IPsec Main Mode security association ended.
An IPsec Main Mode Security Association Was Established Extended Mode Was Not Enabled A Certificate Was Used For Authentication
    An IPsec Main Mode security association was established. Extended Mode was not enabled. A certificate was used for authentication.
An IPsec Main Mode Security Association Was Established Extended Mode Was Not Enabled Certificate Authentication Was Not Used
    An IPsec Main Mode security association was established. Extended Mode was not enabled. Certificate authentication was not used.
An IPsec Quick Mode Negotiation Failed
    An IPsec Quick Mode negotiation failed.
An IPsec Quick Mode Security Association Ended
    An IPsec Quick Mode security association ended.
An IPsec Quick Mode Security Association Was Established
    An IPsec Quick Mode security association was established.
An IPsec Security Association Was Deleted
    An IPsec Security Association was deleted.
An LDAP Query Group Was Created
    An LDAP query group was created.
An Object In The COM+ Catalog Was Modified
    An object in the COM+ Catalog was modified.
An Object Was Added To The COM+ Catalog
    An object was added to the COM+ Catalog.
An Object Was Deleted
    An object was deleted.
An Object Was Deleted From The COM+ Catalog
    An object was deleted from the COM+ Catalog.
An Operation Was Attempted On A Privileged Object
    An operation was attempted on a privileged object.
An Operation Was Performed On An Object
    An operation was performed on an object.
Application Installed
    Modern app install Event Source - Microsoft-Windows-AppLocker - Event Log - Microsoft-Windows-AppLocker/Packaged app-Deployment
Application Ran
    Modern app run Event Source - Microsoft-Windows-AppLocker - Event Log - Microsoft-Windows-AppLocker/Packaged app-Execution
AppLocker Block
    Configured to audit process starts. Event Source - Microsoft-Windows-AppLocker - Event Log - Microsoft-Windows-AppLocker/EXE and DLL
Attempt To Install A Service
    Attempt to install a service
Attributes Of An Active Directory Object Were Replicated
    Attributes of an Active Directory object were replicated.
Certificate Services Security Updated
    Certificate Services template security was updated. Event Source - Microsoft-Windows-Security-Auditing - Event Log - Security
Certificate Services Updated
    A Certificate Services template was updated. Event Source - Microsoft-Windows-Security-Auditing - Event Log - Security
Certificate Services Approved A Certificate Request And Issued A Certificate
    Certificate Services approved a certificate request and issued a certificate.
Certificate Services Archived A Key
    Certificate Services archived a key.
Certificate Services Backup Completed
    Certificate Services backup completed.
Certificate Services Backup Started
    Certificate Services backup started.
Certificate Services Denied A Certificate Request
    Certificate Services denied a certificate request.
Certificate Services Imported A Certificate Into Its Database
    Certificate Services imported a certificate into its database.
Certificate Services Imported And Archived A Key
    Certificate Services imported and archived a key.
Certificate Services Published The CA Certificate To Active Directory Domain Services
    Certificate Services published the CA certificate to Active Directory Domain Services.
Certificate Services Published The Certificate Revocation List (CRL)
    Certificate Services published the certificate revocation list (CRL).
Certificate Services Received A Certificate Request
    Certificate Services received a certificate request.
Certificate Services Received A Request To Publish The Certificate Revocation List (CRL)
    Certificate Services received a request to publish the certificate revocation list (CRL).
Certificate Services Received A Request To Shut Down
    Certificate Services received a request to shut down.
Certificate Services Received A Resubmitted Certificate Request
    Certificate Services received a resubmitted certificate request.
Certificate Services Restore Completed
    Certificate Services restore completed.
Certificate Services Restore Started
    Certificate Services restore started.
Certificate Services Retrieved An Archived Key
    Certificate Services retrieved an archived key.
Certificate Services Set The Status Of A Certificate Request To Pending
    Certificate Services set the status of a certificate request to pending.
Certificate Services Started
    Certificate Services started.
Certificate Services Stopped
    Certificate Services stopped.
Conversion Worker Thread For Volume Started
    Conversion worker thread for volume started
Conversion Worker Thread For Volume Temporarily Stopped
    Conversion worker thread for volume temporarily stopped
Cryptographic Operation
    Cryptographic operation.
Decryption Of Volume Completed
    Decryption of volume completed
Decryption Of Volume Started
    Decryption of volume started
Decryption Of Volume Stopped
    Decryption of volume stopped
Detected An Invalid Page Hash Of An Image File
    Event Source - Microsoft-Windows-Security-Auditing - Event Log - Security
Disconnect From Wireless Connection
    Event Source - Microsoft-Windows-WLAN-AutoConfig - Event Log - Microsoft-Windows-WLAN-AutoConfig/Operational
DNS Query Complete
    DNS query completed (Application DNS Lookup) Event Source - Microsoft-Windows-DNS-Client - Event Log - Microsoft-Windows-DNS-Client/Operational
DNS Request-and-Response
    Requires enhanced auditing enabled. Event Source - Microsoft-Windows-DNSServer - Event Log - Microsoft-Windows-DNSServer/Analytical
DNS Response Complete
    DNS Query Response (DNS Cache service) Event Source - Microsoft-Windows-DNS-Client - Event Log - Microsoft-Windows-DNS-Client/Operational
Encryption Of Volume Completed
    Encryption of volume completed
Encryption Of Volume Started
    Encryption of volume started
Encryption Of Volume Stopped
    Encryption of volume stopped
Event Log Service Shutdown
    (Security Log) Event Log Service Shutdown Event Source - Microsoft-Windows-EventLog - Event Log - Security
Event Log Was Cleared
    Event Source - Microsoft-Windows-Eventlog - Event Log - System
Exception Raised
    PowerShell exception raised. Event Source - Microsoft-Windows-Powershell - Event Log - Microsoft-Windows-Powershell/Operational
Firewall Rule Add
    Event Source - Microsoft-Windows-Windows Firewall With Advanced Security - Event Log - Microsoft-Windows-Windows Firewall With Advanced Security/Firewall
Firewall Rule Change
    Event Source - Microsoft-Windows-Windows Firewall With Advanced Security - Event Log - Microsoft-Windows-Windows Firewall With Advanced Security/Firewall
Firewall Rules Deleted
    Event Source - Microsoft-Windows-Windows Firewall With Advanced Security - Event Log - Microsoft-Windows-Windows Firewall With Advanced Security/Firewall
Group Assigned To New Session
    Groups assigned to new Logon session Event Source - LsaSrv - Event Log - Microsoft-Windows-LSA/Operational
Hotpatching Failed
    Event Source - Microsoft-Windows-Servicing - Event Log - Setup
IKE DoS Prevention Mode Started
    IKE DoS-prevention mode started.
Indirect Access To An Object Was Requested
    Indirect access to an object was requested.
Initial State Check: Rolling Volume Conversion Transaction On 2
    Initial state check: Rolling volume conversion transaction on 2.
Internal Resources Allocated For The Queuing Of Audit Messages Have Been Exhausted, Leading To The Loss Of Some Audits
    Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits.
Invalid Use Of LPC Port
    Invalid use of LPC port.
IPsec Main Mode And Extended Mode Security Associations Were Established
    IPsec Main Mode and Extended Mode security associations were established.
IPsec Main Mode And Extended Mode Security Associations Were Established
    IPsec Main Mode and Extended Mode security associations were established.
IPsec Main Mode And Extended Mode Security Associations Were Established
    IPsec Main Mode and Extended Mode security associations were established.
IPsec Main Mode And Extended Mode Security Associations Were Established