Regex ID | Rule Name | Rule Type | Common Event | Classification |
1011079 | V 2.0 : Catch All | Base Rule | Other Audit | General Audit Message |
V 2.0 : EVID 4649 : Replay Attack Detected | Sub Rule | Attack | Replay Activity |
V 2.0 : EVID 4675 : SIDs Were Filtered | Sub Rule | Other Audit | SIDs Filtered |
V 2.0 : EVID 4765 : SID History Added To Account | Sub Rule | Account Modified | User Account Attribute Modified |
V 2.0 : EVID 4766 : SID History Add Failed | Sub Rule | Access Failure | Modify Object Attribute Failure |
V 2.0 : EVID 5378 : Credential Delegation Disallowed | Sub Rule | Access Failure | Access Object Failure |
V 2.0 : EVID 4709 : IPSEC - Service Started | Sub Rule | Startup and Shutdown | Process/Service Started |
V 2.0 : EVID 4710 : IPSEC - Service Disabled | Sub Rule | Startup and Shutdown | Process/Service Stopped |
V 2.0 : EVID 4711 : PAStore - General Event | Sub Rule | Information | General IPSEC Message |
V 2.0 : EVID 4712 : IPSEC - Fatal Error Encounter | Sub Rule | Critical | General IPSec Critical |
V 2.0 : EVID 5040 : IPSEC - Auth. Set Added | Sub Rule | Configuration | Configuration Loaded : Security |
V 2.0 : EVID 5041 : IPSEC - Auth. Set Modified | Sub Rule | Configuration | Configuration Modified : Security |
V 2.0 : EVID 5042 : IPSEC - Auth. Set Deleted | Sub Rule | Configuration | Configuration Deleted : Security |
V 2.0 : EVID 5043 : IPSEC - Conn. Sec. Rule Added | Sub Rule | Configuration | Configuration Loaded : Security |
V 2.0 : EVID 5044 : IPSEC - Conn Sec Rule Modified | Sub Rule | Configuration | Configuration Modified : Security |
V 2.0 : EVID 5045 : IPSEC - Conn Sec Rule Deleted | Sub Rule | Configuration | Configuration Deleted : Security |
V 2.0 : EVID 5046 : IPSEC - Crypto Set Added | Sub Rule | Configuration | Configuration Loaded : Security |
V 2.0 : EVID 5047 : IPSEC - Crypto Set Modified | Sub Rule | Configuration | Configuration Modified : Security |
V 2.0 : EVID 5048 : IPSEC - Crypto Set Deleted | Sub Rule | Configuration | Configuration Deleted : Security |
V 2.0 : EVID 5440 : WFP - Callout Present At Start | Sub Rule | Information | Filtering Platform Startup State |
V 2.0 : EVID 5441 : WFP - Filter Present At Start | Sub Rule | Information | Filtering Platform Startup State |
V 2.0 : EVID 5442 : WFP - Prov. Present At Start | Sub Rule | Information | Filtering Platform Startup State |
V 2.0 : EVID 5443 : WFP - Prov. Cont Pres At Start | Sub Rule | Information | Filtering Platform Startup State |
V 2.0 : EVID 5444 : WFP - Sub-Layer Pres At Start | Sub Rule | Information | Filtering Platform Startup State |
V 2.0 : EVID 5446 : WFP - Callout Changed | Sub Rule | Configuration | Configuration Modified : Security |
V 2.0 : EVID 5449 : WFP - Prov. Context Changed | Sub Rule | Configuration | Configuration Modified : Security |
V 2.0 : EVID 5448 : WFP - Provider Changed | Sub Rule | Configuration | Configuration Modified : Security |
V 2.0 : EVID 5450 : WFP - Sub-layer Changed | Sub Rule | Configuration | Configuration Modified : Security |
V 2.0 : EVID 5456 : PAStore - AD IPSEC Policy Appl | Sub Rule | Information | General IPSEC Message |
V 2.0 : EVID 5457 : PAStore - AD IPSEC Policy Fail | Sub Rule | Other Audit Failure | IPSEC Policy Application Failed |
V 2.0 : EVID 5458 : PAStore - Cached AD IPSEC Policy | Sub Rule | Information | General IPSEC Message |
V 2.0 : EVID 5459 : PAStore - Cached AD IPSEC Policy | Sub Rule | Error | General IPSec Error |
V 2.0 : EVID 5460 : PAStore - Registry IPSEC Policy | Sub Rule | Information | General IPSEC Message |
V 2.0 : EVID 5461 : PAStore - Registry IPSEC Policy | Sub Rule | Error | General IPSec Error |
V 2.0 : EVID 5462 : PAStore - Fail To Apply IPSEC | Sub Rule | Error | General IPSec Error |
V 2.0 : EVID 5463 : PAStore - Poll For IPSEC Policy | Sub Rule | Information | General IPSEC Message |
V 2.0 : EVID 5464 : PAStore - Poll For IPSEC Policy | Sub Rule | Information | General IPSEC Message |
V 2.0 : EVID 5465 : PAStore - IPSEC Policy Forcibly | Sub Rule | Information | General IPSEC Message |
V 2.0 : EVID 5466 : PAStore - Unable To Reach AD | Sub Rule | Information | General IPSEC Message |
V 2.0 : EVID 5467 : PAStore - Poll For IPSEC Policy | Sub Rule | Information | General IPSEC Message |
V 2.0 : EVID 5468 : PAStore - Poll For IPSEC Policy | Sub Rule | Information | General IPSEC Message |
V 2.0 : EVID 5471 : PAStore - Local IPSEC Policy Loa | Sub Rule | Information | General IPSEC Message |
V 2.0 : EVID 4772 : Kerberos TGT Request Failed | Sub Rule | Other Audit Failure | Windows Audit Failure Event |
V 2.0 : EVID 4773 : Kerberos TGS Request Failed | Sub Rule | Access Failure | Access Object Failure |
V 2.0 : EVID 4774 : Account Successfully Mapped | Sub Rule | Other Audit Success | Account Mapped For Logon |
V 2.0 : EVID 4774 : Account Failed To Be Mapped | Sub Rule | Other Audit Failure | Account Logon Mapping Failed |
V 2.0 : EVID 4775 : Account Could Not Be Mapped | Sub Rule | Other Audit Failure | Account Logon Mapping Failed |
V 2.0 : EVID 4777 : Domain Controller Failed To Valid | Sub Rule | Other Audit Failure | Windows Audit Failure Event |
V 2.0 : EVID 4646 : IPSEC - DoS Prevention Mode Strt | Sub Rule | Information | General IPSEC Message |
V 2.0 : EVID 4650 : IPSEC - Main Mode Security | Sub Rule | Network Traffic | IPSEC Security Association Established |
V 2.0 : EVID 4651 : IPSEC - Main Mode Security | Sub Rule | Network Traffic | IPSEC Security Association Established |
V 2.0 : EVID 4652 : IPSEC - Main Mode Negotiation | Sub Rule | Error | IPSEC Negotiation Failed |
V 2.0 : EVID 4653 : IPSEC - Main Mode Negotiation | Sub Rule | Error | IPSEC Negotiation Failed |
V 2.0 : EVID 4655 : IPSEC - Main Mode Security | Sub Rule | Network Traffic | IPSEC Security Association Ended |
V 2.0 : EVID 4960 : IPSEC - Inbound Pck Integrity Flr | Sub Rule | Error | Integrity Check Failed |
V 2.0 : EVID 4961 : IPSEC - Inbound Packet Replay | Sub Rule | Error | Integrity Check Failed |
V 2.0 : EVID 4962 : IPSEC - Inbound Packet Replay | Sub Rule | Error | Integrity Check Failed |
V 2.0 : EVID 4963 : IPSEC - Inbound Packet In Clear | Sub Rule | Warning | General IPSec Warning |
V 2.0 : EVID 4965 : IPSEC - Packet Received Invalid | Sub Rule | Error | IPSEC Received Bad Packet |
V 2.0 : EVID 4976 : IPSEC - Main Mode Invalid Negot | Sub Rule | Error | IPSEC Received Bad Packet |
V 2.0 : EVID 4977 : IPSEC - Quick Mode Invalid Negot | Sub Rule | Error | IPSEC Received Bad Packet |
V 2.0 : EVID 4978 : IPSEC - Extended Mode Invalid | Sub Rule | Error | IPSEC Received Bad Packet |
V 2.0 : EVID 4979 : IPSEC - Main And Extended Mode | Sub Rule | Network Traffic | IPSEC Security Association Established |
V 2.0 : EVID 4980 : IPSEC - Main And Extended Mode | Sub Rule | Network Traffic | IPSEC Security Association Established |
V 2.0 : EVID 4981 : IPSEC - Main And Extended Mode | Sub Rule | Network Traffic | IPSEC Security Association Established |
V 2.0 : EVID 5024 : Firewall - Service Started | Sub Rule | Startup and Shutdown | Process/Service Started |
V 2.0 : EVID 5025 : Firewall - Service Stopped | Sub Rule | Startup and Shutdown | Process/Service Stopped |
V 2.0 : EVID 5027 : Firewall - ServiceUnableToRetrie | Sub Rule | Warning | Firewall Service Failed To Load Local Policy |
V 2.0 : EVID 5028 : Firewall - Service FailedToParse | Sub Rule | Warning | Firewall Service Failed To Load Local Policy |
V 2.0 : EVID 5029 : Firewall - ServiceFailedToLoadDr | Sub Rule | Warning | Driver Failed To Load |
V 2.0 : EVID 4982 : IPSEC - Main And Extended Mode | Sub Rule | Network Traffic | IPSEC Security Association Established |
V 2.0 : EVID 5030 : Firewall - Service FailedToStart | Sub Rule | Critical | Firewall Service Failed To Start |
V 2.0 : EVID 4983 : IPSEC - Extended Mode Negotiation Fail | Sub Rule | Error | IPSEC Negotiation Failed |
V 2.0 : EVID 5032 : Firewall - Unable ToNotifyUser | Sub Rule | Warning | Firewall Notification Failed |
V 2.0 : EVID 4984 : IPSEC - Extended Mode NegotFail | Sub Rule | Error | IPSEC Negotiation Failed |
V 2.0 : EVID 5049 : IPSEC - Security Assoc Deleted | Sub Rule | Configuration | Configuration Deleted : Security |
V 2.0 : EVID 5033 : Firewall - Driver StartedSucs | Sub Rule | Startup and Shutdown | Process/Service Started |
V 2.0 : EVID 5451 : IPSEC - Quick Mode Security Ass | Sub Rule | Network Traffic | IPSEC Security Association Established |
V 2.0 : EVID 5034 : Firewall - Driver Stopped | Sub Rule | Startup and Shutdown | Process/Service Stopped |
V 2.0 : EVID 5452 : IPSEC - Quick Mode Security Ass | Sub Rule | Network Traffic | IPSEC Security Association Ended |
V 2.0 : EVID 5035 : Firewall - DriverFailedToStart | Sub Rule | Critical | Firewall Driver Startup Failed |
V 2.0 : EVID 5453 : IPSEC - Negotiation Failed Due | Sub Rule | Error | IPSEC Negotiation Failed |
V 2.0 : EVID 5478 : IPSEC - Service Started | Sub Rule | Startup and Shutdown | Process/Service Started |
V 2.0 : EVID 5037 : Firewall - DriverCriticalRuntime | Sub Rule | Critical | Firewall Driver Critical Condition |
V 2.0 : EVID 5479 : IPSEC - Service Stopped | Sub Rule | Startup and Shutdown | Process/Service Stopped |
V 2.0 : EVID 5480 : IPSEC - Failed To Obtain Netw | Sub Rule | Warning | IPSEC Network Interface List Failed |
V 2.0 : EVID 5483 : IPSEC - Failed To Initialize RPC | Sub Rule | Error | IPSEC Service Failed To Start |
V 2.0 : EVID 5484 : IPSEC - Critical Service Failure | Sub Rule | Critical | IPSEC Service Error Caused Shutdown |
V 2.0 : EVID 5485 : IPSEC - Failed To Process Filter | Sub Rule | Error | IPSEC Filter Processing Failed |
V 2.0 : EVID 6400 : Branch Cache - IncorrectlyFrmated | Sub Rule | Other Audit | General Audit Message |
V 2.0 : EVID 6401 : Branch Cache - InvalidPeerDataRec | Sub Rule | Other Audit | General Audit Message |
V 2.0 : EVID 6402 : Branch Cache - IncorectlyFrmatd | Sub Rule | Other Audit | General Audit Message |
V 2.0 : EVID 6403 : Branch Cache - IncorectlyFrmatd | Sub Rule | Other Audit | General Audit Message |
V 2.0 : EVID 6404 : Branch Cache - UnablToAuth | Sub Rule | Other Audit | General Audit Message |
V 2.0 : EVID 6405 : Branch Cache - Mult EventsRecv | Sub Rule | Other Audit | General Audit Message |
V 2.0 : EVID 6406 : Branch Cache - Registration | Sub Rule | Other Audit | General Audit Message |
V 2.0 : EVID 6407 : Branch Cache - General Event | Sub Rule | Other Audit | General Audit Message |
V 2.0 : EVID 6408: Branch Cache - Regt Wind Firewall | Sub Rule | Other Audit | General Audit Message |
V 2.0 : EVID 6409 : Branch Cache - Service Conn | Sub Rule | Other Audit | General Audit Message |
V 2.0 : EVID 6145 : Sec Policy GPOs Fail To Apply | Sub Rule | Error | Policy Failed |
V 2.0 : EVID 6144 : Security Policy GPOs Applied | Sub Rule | Policy | Policy Enabled : System |
V 2.0 : EVID 5447 : WFP - Filter Changed | Sub Rule | Configuration | Configuration Modified : Security |
V 2.0 : EVID 4906 : CrashOnAuditFail Value Changed | Sub Rule | Configuration | Configuration Modified : System |
V 2.0 : EVID 4908 : Special Groups Logon Table Mod | Sub Rule | Configuration | Configuration Modified : System |
V 2.0 : EVID 4909 : Local TBS Policy Settings Mod. | Sub Rule | Policy | Policy Modified : System |
V 2.0 : EVID 4910 : Group TBS Policy Settings Modi | Sub Rule | Policy | Policy Modified : System |
V 2.0 : EVID 4902 : Per-User Policy Table Created | Sub Rule | Policy | Policy Created : System |
V 2.0 : EVID 4826 : Boot Configuration Data Loaded | Sub Rule | Configuration | Configuration Loaded : System |
V 2.0 : EVID 4864 : Namespace Collision Detected | Sub Rule | Error | Namespace Collision |
V 2.0 : EVID 4714 : Encrypted Data Rec Policy Mod | Sub Rule | Policy | Policy Modified : System |
V 2.0 : EVID 4671 : Application Attempted Access | Sub Rule | Access Failure | Access Object Failure |
V 2.0 : EVID 5148 : WFP - DoS Attack Detected | Sub Rule | Failed Denial of Service | Failed Network Denial Of Service |
V 2.0 : EVID 5149 : WFP - DoS Attack Ended | Sub Rule | Other Security | General Security |
V 2.0 : EVID 4608 : Windows Starting Up | Sub Rule | Startup and Shutdown | System Started |
V 2.0 : EVID 4612 : Audit Queuing Resources Exhaus | Sub Rule | Warning | Audit Queuing Resources Exhausted |
V 2.0 : EVID 4615 : Invalid LPC Port Use | Sub Rule | Misuse | Unauthorized Activity |
V 2.0 : EVID 4618 : User-Defined Security Event | Sub Rule | Information | General Event Log Information |
V 2.0 : EVID 4621 : Admin Recovrd Frm CrashOnAudi | Sub Rule | Information | Crash On Audit Fail Recovered |
V 2.0 : EVID 4816 : RPC Message Integrity Violation | Sub Rule | Error | RPC Integrity Violation |
V 2.0 : EVID 5038 : Invalid Image Hash | Sub Rule | Error | Integrity Check Failed |
V 2.0 : EVID 5056 : CNG - Crypto Self-Check Perf | Sub Rule | Information | Cryptographic Self Test Performed |
V 2.0 : EVID 5062 : CNG - Kernel Crypto Self-Check | Sub Rule | Information | Cryptographic Self Test Performed |
V 2.0 : EVID 5057 : CNG - Primitive Crypto Op Fail | Sub Rule | Error | Cryptographic Failure |
V 2.0 : EVID 5060 : CNG - Crypto Verification Fail | Sub Rule | Error | Cryptographic Failure |
V 2.0 : EVID 6281 : Invalid Page Hash In Image Fil | Sub Rule | Error | Integrity Check Failed |
V 2.0 : EVID 6410 : File Failed Security Check | Sub Rule | Failed Suspicious | Failed Suspicious Activity |
V 2.0 : EVID 5712 : RPC Attempted | Sub Rule | Other Audit | General Audit Message |
V 2.0 : EVID 4944 : WFP - Policy Active And Windows | Sub Rule | Information | Active Firewall Policy On Start |
V 2.0 : EVID 4949 : WFP Settings Restored To Default | Sub Rule | Configuration | Configuration Modified : Security |
V 2.0 : EVID 4954 : WFP - Group Policy Settings | Sub Rule | Configuration | Configuration Modified : Security |
V 2.0 : EVID 4783 : Basic Application Group Create | Sub Rule | Account Created | Group Created |
V 2.0 : EVID 4784 : Basic Application Group Change | Sub Rule | Account Modified | Group Attribute Modified |
V 2.0 : EVID 4785 : Member Add To Basic App Group | Sub Rule | Access Granted | Account Added To Group |
V 2.0 : EVID 4786 : Member Remove From Basic App | Sub Rule | Access Revoked | Account Removed From Group |
V 2.0 : EVID 4787 : Non-Member Add To Basic App | Sub Rule | Access Granted | Account Added To Group |
V 2.0 : EVID 4788 : Non-Memb Remove From Basic App | Sub Rule | Access Revoked | Account Removed From Group |
V 2.0 : EVID 4789 : Basic Application Group Delete | Sub Rule | Account Deleted | Group Deleted |
V 2.0 : EVID 4790 : LDAP Query Group Created | Sub Rule | Account Created | Group Created |
V 2.0 : EVID 4791 : LDAP Query Group Changed | Sub Rule | Account Modified | Group Attribute Modified |
V 2.0 : EVID 4934 : AD Object Attributes Replicate | Sub Rule | Information | AD Object Attributes Replicated |
V 2.0 : EVID 4935 : Replication Failure Begins | Sub Rule | Error | AD Replication Failure Begins |
V 2.0 : EVID 4936 : Replication Failure Ends | Sub Rule | Error | AD Replication Failure Ends |
V 2.0 : EVID 4937 : Lingering Object Removed From ADRe | Sub Rule | Access Success | Object Deleted/Removed |
V 2.0 : EVID 4792 : LDAP Query Group Deleted | Sub Rule | Account Deleted | Group Deleted |
V 2.0 : EVID 4664 : File Hard Link Created | Sub Rule | Access Success | Object Created |
V 2.0 : EVID 4690 : Object Handle Duplicated | Sub Rule | Access Success | Object Created |
V 2.0 : EVID 5039 : Registry Key Virtualized | Sub Rule | Other Audit Success | Registry Key Virtualized |
V 2.0 : EVID 5051 : File Virtualized | Sub Rule | Other Audit Success | File Virtualized |
V 2.0 : EVID 5168 : SPN Check For SMB Failed | Sub Rule | Access Failure | Access Object Failure |
V 2.0 : EVID 6275 : NPS - Accounting Request Discard | Sub Rule | Warning | Bad Request |
V 2.0 : EVID 6276 : NPS - User Quarantined | Sub Rule | Other Audit | Network Policy Server Quarantined User |
V 2.0 : EVID 6277 : NPS - Access Granted User | Sub Rule | Access Granted | Access Granted Activity |
V 2.0 : EVID 6279 : NPS - User Account Locked | Sub Rule | Access Revoked | Account Locked |
V 2.0 : EVID 6280 : NPS - User Account Unlocked | Sub Rule | Access Granted | Account Unlocked |
V 2.0 : EVID 4626 : User/Device Claims Information | Sub Rule | Information | User Information |
V 2.0 : EVID 4666 : AM - App Attempted Operation | Sub Rule | Information | General Application Information |
V 2.0 : EVID 4665 : AM - App Client Context Create | Sub Rule | Information | General Application Information |
V 2.0 : EVID 4667 : AM - App Client Context Delete | Sub Rule | Information | General Application Information |
V 2.0 : EVID 4668 : AM - Application Initialized | Sub Rule | Information | General Application Information |
V 2.0 : EVID 4985 : Transaction State Change | Sub Rule | Information | General Transaction Information |
V 2.0 : EVID 1101 : Audit Events Dropped | Sub Rule | Error | Message Dropped |
V 2.0 : EVID 4609 : Windows Shutting Down | Sub Rule | Startup and Shutdown | System Shutting Down |
V 2.0 : EVID 4654 : Quick Mode Negotiation Failed | Sub Rule | Error | IPSEC Negotiation Failed |
V 2.0 : EVIDI 4797 : Blank Passwords Queried | Sub Rule | Other Audit | General Audit Message |
V 2.0 : EVID 4820 : TGT Denied - ACL | Sub Rule | Authentication Failure | User Logon Failure |
V 2.0 : EVID 4821 : TGS Denied - ACL | Sub Rule | Access Failure | Access Object Failure |
V 2.0 : EVID 4822 : NTLM Auth Denied | Sub Rule | Authentication Failure | User Logon Failure |
V 2.0 : EVID 4823 : NTLM Auth Denied | Sub Rule | Authentication Failure | User Logon Failure |
V 2.0 : EVID 4824 : Kerberos Pre-Auth Failed | Sub Rule | Authentication Failure | User Logon Failure |
V 2.0 : EVID 4825 : RDP Access Denied | Sub Rule | Authentication Failure | User Logon Failure |
V 2.0 : EVID 4830 : SID History Removed From Account | Sub Rule | Account Modified | User Account Attribute Modified |
V 2.0 : EVID 4899 : Certificate Template Updated | Sub Rule | Access Success | Object Modified |
V 2.0 : EVID 4900 : Certificate Template Sec Update | Sub Rule | Access Success | Object Attribute Modified |
V 2.0 : EVID 5150 : Firewall - Disable Attempt | Sub Rule | Suspicious | Suspicious Activity |
V 2.0 : EVID 5071 : Key Access Denied | Sub Rule | Access Failure | Access Object Failure |
V 2.0 : EVID 5146 : WFP - Packed Blocked | Sub Rule | Network Deny | Traffic Denied by Host Firewall |
V 2.0 : EVID 5147 : WFP - Packed Blocked | Sub Rule | Network Deny | Traffic Denied by Host Firewall |
V 2.0 : EVID 5151 : File Virtualized | Sub Rule | Other Audit Success | File Virtualized |
V 2.0 : EVID 5170 : AD Object Modified | Sub Rule | Access Success | Object Modified |
V 2.0 : EVID 5472 : PAStore - Local IPSEC Policy Fail | Sub Rule | Error | General IPSec Error |
V 2.0 : EVID 5473 : PAStore - Directory Storage IPSEC | Sub Rule | Information | General IPSEC Message |
V 2.0 : EVID 5477 : PAStore - Failed To Add Quick Mod | Sub Rule | Information | General IPSEC Message |
V 2.0 : EVID 6278 : NPS - Full Access Granted To User | Sub Rule | Access Granted | Access Granted Activity |
V 2.0 : EVID 6417 : FIPS Selftest Passed | Sub Rule | Information | Cryptographic Self Test Performed |
V 2.0 : EVID 6418 : FIPS Selftest Failed | Sub Rule | Error | Cryptographic Failure |
V 2.0 : EVID 4868 : CS - Certificate Manager Denied | Sub Rule | Warning | Certificate Manager Denied Pending Cert Request |
V 2.0 : EVID 4869 : CS - Received Resubmitted Cert | Sub Rule | Other Audit | Certificate Services Rcvd Resubmitted Cert Request |
V 2.0 : EVID 4870 : CS - Certificate Revoked | Sub Rule | Other Audit | Certificate Services Rcvd Resubmitted Cert Request |
V 2.0 : EVID 4871 : CS - CRL Publication Request Rcvd | Sub Rule | Information | Certificate Svcs Received Request To Publish CRL |
V 2.0 : EVID 4872 : CS - CRL Published | Sub Rule | Information | Certificate Services Published CRL |
V 2.0 : EVID 4873 : CS - Certificate Request Extn | Sub Rule | Information | Certificate Request Extension Changed |
V 2.0 : EVID 4874 : CS - Certificate Request Change | Sub Rule | Information | Certificate Request Attributes Changed |
V 2.0 : EVID 4875 : CS - Shutdown Request Received | Sub Rule | Startup and Shutdown | Process/Service Startup Or Shutdown Activity |
V 2.0 : EVID 4876 : CS - Backup Started | Sub Rule | Information | Backup Active |
V 2.0 : EVID 4877 : CS - Backup Complete | Sub Rule | Information | Backup Completed |
V 2.0 : EVID 4878 : CS - Restore Started | Sub Rule | Information | Backup Restored |
V 2.0 : EVID 4879 : CS - Restore Completed | Sub Rule | Information | Backup Restored |
V 2.0 : EVID 4880 : CS - Services Started | Sub Rule | Startup and Shutdown | Process/Service Started |
V 2.0 : EVID 4881 : CS - Services Stopped | Sub Rule | Startup and Shutdown | Process/Service Stopped |
V 2.0 : EVID 4882 : CS -Security Permissions Modified | Sub Rule | Configuration | Configuration Modified : Application |
V 2.0 : EVID 4883 : CS - Archived Key Retrieved | Sub Rule | Information | Certificate Services Retrieved Archived Key |
V 2.0 : EVID 4884 : CS - Certificate Imported | Sub Rule | Information | Certificate Services Imported Certificate |
V 2.0 : EVID 4885 : CS - Audit Filter Modified | Sub Rule | Configuration | Configuration Modified : Application |
V 2.0 : EVID 4886 : CS - Certificate Request Received | Sub Rule | Other Audit Success | Certificate Services Received Certificate Request |
V 2.0 : EVID 4887 : CS - Certificate Issued | Sub Rule | Information | Certificate Services Issued Certificate |
V 2.0 : EVID 4888 : CS - Certificate Request Denied | Sub Rule | Warning | Certificate Services Denied Certificate Request |
V 2.0 : EVID 4889 : CS - Certificate Request Status | Sub Rule | Information | Certificate Services Set Cert Status To Pending |
V 2.0 : EVID 4890 : CS - Certificate Manager Settings | Sub Rule | Configuration | Configuration Modified : Application |
V 2.0 : EVID 4891 : CS - Configuration Entry Modified | Sub Rule | Configuration | Configuration Modified : Application |
V 2.0 : EVID 4892 : CS - Property Modified | Sub Rule | Configuration | Configuration Modified : Application |
V 2.0 : EVID 4893 : CS - Key Archived | Sub Rule | Information | Certificate Services Archived A Key |
V 2.0 : EVID 4894 : CS - Key Imported And Archived | Sub Rule | Information | Certificate Services Imported And Archived Key |
V 2.0 : EVID 4895 : CS -ADDS CA Certificate Published | Sub Rule | Information | Certificate Services Published CA Certificate |
V 2.0 : EVID 4896 : CS - Rows Deleted From Database | Sub Rule | Information | Certificate Services Database Rows Deleted |
V 2.0 : EVID 4897 : CS - Role Separation Enabled | Sub Rule | Configuration | Configuration Modified : Application |
V 2.0 : EVID 4898 : CS - Template Loaded | Sub Rule | Information | Certificate Services Loaded Template |
V 2.0 : EVID 5120 : CS - OCSP Responder Started | Sub Rule | Startup and Shutdown | Process/Service Started |
V 2.0 : EVID 5121 : CS - OCSP Responder Stopped | Sub Rule | Startup and Shutdown | Process/Service Stopped |
V 2.0 : EVID 5122 : CS - OCSP Config Changed | Sub Rule | Configuration | Configuration Modified : Application |
V 2.0 : EVID 4649 : Replay Attack Detected | Sub Rule | Attack | Replay Activity |
V 2.0 : EVID 5123 : CS - OCSP Config Changed | Sub Rule | Configuration | Configuration Modified : Application |
V 2.0 : EVID 5124 : CS - OCSP Security Changed | Sub Rule | Configuration | Configuration Modified : Application |
V 2.0 : EVID 5125 : CS - OCSP Request | Sub Rule | Other Audit Success | Request Received |
V 2.0 : EVID 5126 : CS - OCSP Signer Updated | Sub Rule | Configuration | Configuration Modified : Application |
V 2.0 : EVID 5127 : CS - OCSP Provider Updated | Sub Rule | Configuration | Configuration Modified : Application |