Best Practices

Overview

This topic is under construction.

Windows Event IDs

The following Windows Event IDs are not required for PCI DSS Compliance and can safely be excluded from Event Log Consolidation and Log Entry Retention Policies.

| Event ID | Summary | Description |
|----------|---------|-------------|
| 4627 | Group membership information. | This event generates with "4624(S): An account was successfully logged on" and shows the list of groups that the logged-on account belongs to. |
| 4658 | The handle to an object was closed. | This event generates when the handle to an object is closed. The object could be a file system, kernel, or registry object, or a file system object on removable storage or a device. |
| 4769 | A Kerberos service ticket was requested. | This event generates every time Key Distribution Center gets a Kerberos Ticket Granting Service (TGS) ticket request. This event generates only on domain controllers. |
| 4770 | A Kerberos service ticket was renewed. | This event generates for every Ticket Granting Service (TGS) ticket renewal. This event generates only on domain controllers. |
| 4798 | A user's local group membership was enumerated. | This event generates when a process enumerates a user's security-enabled local groups on a computer or device. |
| 4799 | A security-enabled local group membership was enumerated. | This event generates when a process enumerates the members of a security-enabled local group on the computer or device. |
| 5156 | The Windows Filtering Platform has permitted a connection. | This event generates when Windows Filtering Platform has allowed a connection. |
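
Before excluding the IDs listed above, it helps to measure how much of a host's Security log they account for. The PowerShell below is an added example, not part of the product documentation. The function name `Get-ExcludedEventShare` and its parameters are hypothetical, and it assumes an elevated session on the host being measured.

```powershell
# Event IDs taken from the table above.
$ExcludedIds = 4627, 4658, 4769, 4770, 4798, 4799, 5156

function Get-ExcludedEventShare {
    # Hypothetical helper: reports per-ID volume in a log over a time window
    # and flags which IDs are on the exclusion list.
    param(
        [int[]]  $Ids     = $ExcludedIds,
        [int]    $Hours   = 24,
        [string] $LogName = 'Security'
    )

    $since = (Get-Date).AddHours(-$Hours)

    # Get-WinEvent raises a non-terminating error when nothing matches,
    # so suppress it and handle the empty case explicitly.
    $events = @(Get-WinEvent -FilterHashtable @{
            LogName   = $LogName
            StartTime = $since
        } -ErrorAction SilentlyContinue)

    if ($events.Count -eq 0) {
        Write-Warning "No events found in '$LogName' for the last $Hours hour(s)."
        return
    }

    # One row per event ID, largest contributors first.
    $events | Group-Object -Property Id | ForEach-Object {
        [pscustomobject]@{
            EventId  = [int]$_.Name
            Count    = $_.Count
            Percent  = [math]::Round(100 * $_.Count / $events.Count, 2)
            Excluded = $Ids -contains [int]$_.Name
        }
    } | Sort-Object -Property Count -Descending
}

# Summarise how much of the window the exclusion list would remove.
$report = Get-ExcludedEventShare -Hours 24
if ($report) {
    $report | Format-Table -AutoSize
    $saved = ($report | Where-Object Excluded | Measure-Object -Property Percent -Sum).Sum
    "Excluded IDs account for $saved% of events in the window."
}
```

Events 4769 and 4770 appear only on domain controllers, so run the measurement there as well as on member servers to see the full effect.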