12 Most Important Event IDs in SOC
Most Important Event IDs in SOC (Security Operations Center)

www.infosectrain.com
Windows Event IDs
Event ID 4624: Signals a successful account login, vital for verifying legitimate access

Event ID 4625: Indicates a failed login attempt, crucial for detecting unauthorized access attempts

Event ID 4768: Shows a Kerberos authentication ticket was requested, crucial for access monitoring

Event ID 4776: Credential validation attempt, essential for account security

Event ID 4697: Alerts on a new service installation; monitor for unauthorized changes

Event ID 7034: Reports unexpected service terminations, indicating malicious activity or system issues
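Added example (not part of the InfosecTrain infographic): a small Python detector run over constructed Windows event records that uses the IDs listed above. It flags a burst of failed logons (4625) on one account that is then followed by a success (4624), and every new service install (4697) or unexpected service termination (7034). The sample records, the failure threshold and the look-back window are assumptions for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAIL_THRESHOLD = 5             # failed logons per account before a success is suspicious (assumed tuning)
WINDOW = timedelta(minutes=5)  # look-back window for counting 4625s (assumed tuning)

# Constructed sample records: (timestamp, event_id, account, detail). Not real log data.
SAMPLE_EVENTS = [
    ("2024-05-01T09:00:00", 4776, "alice", "credential validation"),
    ("2024-05-01T09:00:01", 4624, "alice", "LogonType=2"),
    ("2024-05-01T09:10:00", 4625, "svc-backup", "bad password"),
    ("2024-05-01T09:10:15", 4625, "svc-backup", "bad password"),
    ("2024-05-01T09:10:30", 4625, "svc-backup", "bad password"),
    ("2024-05-01T09:10:45", 4625, "svc-backup", "bad password"),
    ("2024-05-01T09:11:00", 4625, "svc-backup", "bad password"),
    ("2024-05-01T09:11:30", 4624, "svc-backup", "LogonType=3"),
    ("2024-05-01T09:20:00", 4697, "SYSTEM", "ServiceName=updater"),
    ("2024-05-01T09:25:00", 7034, "-", "Service terminated unexpectedly"),
]

def _prune(queue, now):
    """Drop failure timestamps older than WINDOW relative to `now`."""
    while queue and now - queue[0] > WINDOW:
        queue.popleft()

def detect(events):
    """Walk events in time order and return a list of (rule, subject) alerts."""
    alerts = []
    failures = defaultdict(deque)  # account -> timestamps of recent 4625 events
    for ts_str, event_id, account, detail in sorted(events):
        ts = datetime.fromisoformat(ts_str)
        if event_id == 4625:                     # failed logon: remember it
            _prune(failures[account], ts)
            failures[account].append(ts)
        elif event_id == 4624:                   # success right after a burst of failures
            _prune(failures[account], ts)
            if len(failures[account]) >= FAIL_THRESHOLD:
                alerts.append(("failed_burst_then_success", account))
                failures[account].clear()
        elif event_id == 4697:                   # new service installed
            alerts.append(("new_service_installed", detail))
        elif event_id == 7034:                   # service terminated unexpectedly
            alerts.append(("unexpected_service_termination", detail))
    return alerts

if __name__ == "__main__":
    for rule, subject in detect(SAMPLE_EVENTS):
        print(f"ALERT {rule}: {subject}")
```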

Linux/Unix Event IDs (Syslog)
LOG_AUTH: Covers authentication-related events, vital for monitoring login attempts and access control

LOG_CRON: Scheduled task execution, critical for system maintenance activities

LOG_DAEMON: Covers system service events, vital for monitoring service health and performance

LOG_KERNEL: Kernel-related events, providing insight into the behavior and operation of the kernel

LOG_USER: Includes user-level messages for understanding behavior and detecting unauthorized access

Network Device Event IDs (Syslog)
Syslog ID 4: Captures firewall events, essential for maintaining network security and integrity

Syslog ID 5: Captures VPN events, crucial for ensuring the availability, security, and performance of VPN connections

Syslog ID 6: Authentication events in network devices, crucial for secure network access control

Syslog ID 7: Intrusion detection/prevention, crucial for threat mitigation

SIEM and IDS/IPS Event IDs

Event ID 1: IDS/IPS triggered an alert, indicating a potential security threat was detected

Event ID 2: SIEM rule matched, crucial for incident correlation and analysis

Event ID 3: Anomaly detection, crucial for identifying deviations that indicate security breaches or system issues

Web Server Event IDs
Event ID 200: Signals HTTP request receipt, vital for tracking client interactions

Event ID 404: Denotes page not found, critical for diagnosing broken links or misconfigurations

Event ID 500: Indicates an internal server error, crucial for troubleshooting server issues

Database Server Event IDs

Event ID 102: Establishes a database connection, crucial for monitoring server connectivity

Event ID 201: Executes a database query, crucial for tracking database activity

Event ID 401: Denies database access, vital for identifying unauthorized access attempts
