update documentation

elastic · Apr 16, 2020 · 6e4c6ef · 6e4c6ef
1 parent bd8c2e3
commit 6e4c6ef
Showing 1 changed file with 41 additions and 1 deletion.
diff --git a/winlogbeat/docs/modules/security.asciidoc b/winlogbeat/docs/modules/security.asciidoc
@@ -19,8 +19,16 @@ The module has transformations for the following event IDs:
 * 4647 - User initiated logoff (interactive logon types).
 * 4648 - A logon was attempted using explicit credentials.
 * 4672 - Special privileges assigned to new logon.
+* 4673 - A privileged service was called.
+* 4674 - An operation was attempted on a privileged object.
 * 4688 - A new process has been created.
 * 4689 - A process has exited.
+* 4697 - A service was installed in the system.
+* 4698 - A scheduled task was created.
+* 4699 - A scheduled task was deleted.
+* 4700 - A scheduled task was enabled.
+* 4701 - A scheduled task was disabled.
+* 4702 - A scheduled task was updated.
 * 4719 - System audit policy was changed.
 * 4720 - A user account was created.
 * 4722 - A user account was enabled.
@@ -32,7 +40,7 @@ The module has transformations for the following event IDs:
 * 4728 - A member was added to a security-enabled global group.
 * 4729 - A member was removed from a security-enabled global group.
 * 4730 - A security-enabled global group was deleted.
-* 4731 - A security-enabled local group was created
+* 4731 - A security-enabled local group was created.
 * 4732 - A member was added to a security-enabled local group.
 * 4733 - A member was removed from a security-enabled local group.
 * 4734 - A security-enabled local group was deleted.
@@ -65,9 +73,41 @@ The module has transformations for the following event IDs:
 * 4763 - A security-disabled global group was deleted.
 * 4764 - A group's type was changed.
 * 4767 - An account was unlocked.
+* 4741 - A computer account was created.
+* 4742 - A computer account was changed.
+* 4743 - A computer account was deleted.
+* 4744 - A security-disabled local group was created.
+* 4745 - A security-disabled local group was changed.
+* 4746 - A member was added to a security-disabled local group.
+* 4747 - A member was removed from a security-disabled local group.
+* 4748 - A security-disabled local group was deleted.
+* 4749 - A security-disabled global group was created.
+* 4750 - A security-disabled global group was changed.
+* 4751 - A member was added to a security-disabled global group.
+* 4752 - A member was removed from a security-disabled global group.
+* 4753 - A security-disabled global group was deleted.
+* 4754 - A security-enabled universal group was created.
+* 4755 - A security-enabled universal group was changed.
+* 4756 - A member was added to a security-enabled universal group.
+* 4757 - A member was removed from a security-enabled universal group.
+* 4758 - A security-enabled universal group was deleted.
+* 4759 - A security-disabled universal group was created.
+* 4760 - A security-disabled universal group was changed.
+* 4761 - A member was added to a security-disabled universal group.
+* 4762 - A member was removed from a security-disabled universal group.
+* 4763 - A security-disabled global group was deleted.
+* 4764 - A group's type was changed.
+* 4768 - A Kerberos authentication ticket TGT was requested.
+* 4769 - A Kerberos service ticket was requested.
+* 4770 - A Kerberos service ticket was renewed.
+* 4771 - Kerberos pre-authentication failed.
+* 4776 - The computer attempted to validate the credentials for an account.
+* 4778 - A session was reconnected to a Window Station.
+* 4779 - A session was disconnected from a Window Station.
 * 4781 - The name of an account was changed.
 * 4798 - A user's local group membership was enumerated.
 * 4799 - A security-enabled local group membership was enumerated.
+* 4964 - Special groups have been assigned to a new logon.
 
 More event IDs will be added.