[SGA][4722] Account Enabled > [SGA][4625] Logon Failed = TargetUserName (300sec)

[SGA][4722] Account Enabled > [SGA][4624] Logon OK = TargetUserName (300sec)

Account created and deleted in a short time [SGA][4720] Account Created > [SGA][4726] Account Deleted = TargetUserName (300sec)

[SGA][4740] Account Locked Out (2sec)

[SGA][4624] Logon OK $IpAddress (2sec) 

[SGA][4624] Logon OK $TargetUserName (2sec)

[SGA][4624] Logon OK $TargetUserName > [SGA][4624] Logon OK = TargetUserName,LogonType,IpAddress > [SGA][4624] Logon OK = TargetUserName,LogonType,IpAddress (180sec)

[SGA][4624] Logon OK  $TargetUserName LogonType = 2,3,7,10,11 (2sec)

[SGA][4723] Password Changed $TargetUserName (2sec)

 [SGA][4723] Password Changed $TargetUserName (2sec) 

[SGA][4724] Password Reset $TargetUserName (2sec)

[SGA][4724] Password Reset $TargetUserName (2sec)

[SGA][4624] Logon OK $TargetUserName,IpAddress (2sec)

[SGA][4624] Logon OK $TargetUserName,IpAddress (2sec) (300sec) 10093 – Win Audit – Event Log Backup [SGA][1105] Event Log Backup (2sec) 

[SGA][1108] Event Log Service Error (2sec) 

[SGA][1100] Event Logging Service Shutdown (1sec)

[SGA][4625] Logon Failed SubStatus = 0xC0000072 (1sec)

 [SGA][4625] Logon Failed SubStatus = 0xC0000193 (1sec)

[SGA][4625] Logon Failed > [SGA][4625] Logon Failed = TargetUserName > [SGA][4625] Logon Failed = TargetUserName (10sec)

[SGA][4625] Logon Failed > [SGA][4625] Logon Failed = IpAddress > [SGA][4625] Logon Failed = IpAddress (10sec)

[SGA][4625] Logon Failed > [SGA][4625] Logon Failed = LogonType,PreviousHost > [SGA][4625] Logon Failed = LogonType,PreviousHost (5sec)

[SGA][4625] Logon Failed > [SGA][4625] Logon Failed = PreviousHost,TartgetUserName,IpAddress > [SGA][4625] Logon Failed = PreviousHost,TartgetUserName,IpAddress > [SGA][4624] Logon OK = PreviousHost,TartgetUserName,IpAddress (15sec)

SGA][4625] Logon Failed > [SGA][4625] Logon Failed = TartgetUserName,IpAddress > [SGA][4625] Logon Failed = TartgetUserName,IpAddress > [SGA][4624] Logon OK = TartgetUserName,IpAddress (15sec)

 [SGA][4625] Logon Failed = TartgetUserName > [SGA][4625] Logon Failed = TartgetUserName > [SGA][4624] Logon OK = TartgetUserName (15sec)

 [SGA][4624] Logon OK > [SGA][4624] Logon OK = TartgetUserName > [SGA][4624] Logon OK = TartgetUserName > [SGA][4624] Logon OK = TartgetUserName (30sec)

 [SGA][4624] Logon OK > [SGA][4624] Logon OK = IpAddress > [SGA][4624] Logon OK = IpAddress > [SGA][4624] Logon OK = IpAddress (30sec)

 [SGA][4624] Logon OK > [SGA][4624] Logon OK = IpAddress != TargetUserName > [SGA][4624] Logon OK = IpAddress != TargetUserName > [SGA][4624] Logon OK = IpAddress != TargetUserName (30sec)

[SGA][4625] Logon Failed > [SGA][4625] Logon Failed = TartgetUserName,IpAddress > [SGA][4625] Logon Failed = TartgetUserName,IpAddress (5sec)

[SGA][4769] A Kerberos service ticket was requested TicketOption = 0x40810000 TicketEncryptionType = 0x17 (2sec)

[SGA][4624] Logon OK LogonType = 9 LogonProcessName ~ seclogo AuthenticationPackageName ~ Negotiate (2sec)

[SGA][1102] Audit Log Cleared (1sec)

 [SGA][1104] Security Log Full (1sec)

[SGA][4719] Audit policy changed (1sec)

[SGA][4624] Logon OK $TargetUserName (300sec)

 [SGA][4624] Logon OK $TargetUserName $IpAddress(2sec)

[SGA][4728] Member Added to Global Group > [SGA][4729] Member Removed from Global Group (60sec)

[SGA][4733] Member Removed from Local Group (60sec)

 [SGA][4756] Member Added to Universal Group > [SGA][4757] Member Removed from Universal Group (60sec)

 [SGA][4728] Member Added to Global Group $TargetUserNam

[SGA][4756] Member Added to Universal Group $TargetUserName

[SGA][4728] Member Added to Global Group $TargetUserName (1sec)

[SGA][4732] Member Added to Local Group $TargetUserName (1sec)

[SGA][4756] Member Added to Universal Group (1sec)

[SGA][4624] Logon OK LogonType = 2,3,7,10,11 (2sec)

[SGA][4729] Member Removed from Global Group (1sec))

[SGA][4733] Member Removed from Local Group (1sec)

[SGA][4757] Member Removed from Universal Group (1sec)