Suggestion for additions: https://www.nsa.gov/ia/_files/app/spotting_the_adversary_with_windows_event_log_monitoring.pdf Has a nice categorized list starting at page 25 with explanations and one page summary with categories / event IDs at page 8. Other events not listed in it and that might be of interest: 4719 - https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventID=4719 4679 - https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventID=4697
Suggestion for additions:
https://www.nsa.gov/ia/_files/app/spotting_the_adversary_with_windows_event_log_monitoring.pdf
Has a nice categorized list starting at page 25 with explanations and one page summary with categories / event IDs at page 8.
Other events not listed in it and that might be of interest:
4719 - https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventID=4719
4679 - https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventID=4697