
Trigat

Windows Event Monitoring

02-16-2023

List of security-related Windows Event IDs that should be monitored.
Based on the NSA list at https://github.com/nsacyber/Event-Forwarding-Guidance/tree/master/Events

Language or Platform: Other

Code:

# List with comma separation:

4740,4648,4781,4733,1518,4776,5376,5377,4625,300,4634,4672,4720,4722,4782,4793,4731,4735,4766,4765,4624,1511,4726,4725,4767,4728,4732,4756,4704,1000,1002,1001,8023,8020,8002,8003,
8004,8006,8007,4688,4689,8005,865,866,867,868,882,1074,13,12,95,4886,4890,4874,4873,4870,4887,4885,4891,4888,4898,4882,4892,4880,4881,4900,4899,4896,1006,1004,1007,1003,1100,104,
1102,5137,5141,5136,5139,5138,3008,256,257,3020,43,400,410,1126,1129,1125,3001,3002,3003,3004,3010,3023,5038,6281,219,11,70,90,10000,10001,8000,8011,8001,11000,11001,11002,12011,
12012,12013,11004,11005,11010,11006,4714,4713,4769,6273,6275,6274,6272,6278,6277,6279,6276,6280,5140,5145,5142,5144,4706,1024,20250,20274,20275,4897,4719,4716,4779,4778,5632,800,
169,4103,4104,4105,4106,307,903,904,6,1022,1033,7045,907,908,7000,2,905,906,19,4657,1,4616,7022,7023,7024,7026,7031,7032,7034,106,141,142,200,1008,1116,1010,2003,2001,1009,1118,
1119,1117,2004,1005,5008,2009,2005,2006,2033,20,24,25,31,34,35

# List with Event ID on each line:

1
2
6
11
12
13
19
20
24
25
31
34
35
43
70
90
95
104
106
141
142
169
200
219
256
257
300
307
400
410
800
865
866
867
868
882
903
904
905
906
907
908
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1022
1024
1033
1074
1100
1102
1116
1117
1118
1119
1125
1126
1129
1511
1518
2001
2003
2004
2005
2006
2009
2033
3001
3002
3003
3004
3008
3010
3020
3023
4103
4104
4105
4106
4616
4624
4625
4634
4648
4657
4672
4688
4689
4704
4706
4713
4714
4716
4719
4720
4722
4725
4726
4728
4731
4732
4733
4735
4740
4756
4765
4766
4767
4769
4776
4778
4779
4781
4782
4793
4870
4873
4874
4880
4881
4882
4885
4886
4887
4888
4890
4891
4892
4896
4897
4898
4899
4900
5008
5038
5136
5137
5138
5139
5140
5141
5142
5144
5145
5376
5377
5632
6272
6273
6274
6275
6276
6277
6278
6279
6280
6281
7000
7022
7023
7024
7026
7031
7032
7034
7045
8000
8001
8002
8003
8004
8005
8006
8007
8011
8020
8023
10000
10001
11000
11001
11002
11004
11005
11006
11010
12011
12012
12013
20250
20274
20275
