TestimoX

API Reference

Enum

AuditSubcategory

Edit on GitHub
Namespace TestimoX.Baselines.Crosswalk
Assembly TestimoX
Source TestimoX/Testimo.cs:240
Base Enum
Implements
IComparable ISpanFormattable IFormattable IConvertible
Modifiers sealed

Advanced Audit Policy subcategories. Names and descriptions mirror Windows labels/intent.

Inheritance

  • Enum
  • AuditSubcategory

Usage

This type appears in these public API surfaces even when no hand-authored example is attached directly to the page.

Returned or exposed by

Values

public const AuditSubcategory KerberosAuthenticationService #

Kerberos AS requests (TGT acquisition).

Value: 0
public const AuditSubcategory KerberosServiceTicketOperations #

Kerberos TGS requests (service tickets).

Value: 1
public const AuditSubcategory CredentialValidation #

NTLM and other credential validation events.

Value: 2
public const AuditSubcategory OtherAccountLogonEvents #

Other Account Logon events.

Value: 3
public const AuditSubcategory UserAccountManagement #

User account lifecycle (create/modify/delete).

Value: 4
public const AuditSubcategory ComputerAccountManagement #

Computer account lifecycle events.

Value: 5
public const AuditSubcategory SecurityGroupManagement #

Security group changes and membership.

Value: 6
public const AuditSubcategory DistributionGroupManagement #

Distribution group changes and membership.

Value: 7
public const AuditSubcategory ApplicationGroupManagement #

Application group management.

Value: 8
public const AuditSubcategory OtherAccountManagementEvents #

Other Account Management events.

Value: 9
public const AuditSubcategory ProcessCreation #

Process creation (4688). Often paired with command line logging.

Value: 10
public const AuditSubcategory ProcessTermination #

Process termination (4689).

Value: 11
public const AuditSubcategory DPAPIActivity #

DPAPI events (backup/restore master keys).

Value: 12
public const AuditSubcategory RPCEvents #

RPC events.

Value: 13
public const AuditSubcategory PNPActivity #

Plug and Play device activity.

Value: 14
public const AuditSubcategory DirectoryServiceAccess #

DS access reads/writes.

Value: 15
public const AuditSubcategory DirectoryServiceChanges #

DS object changes (audit directory service changes).

Value: 16
public const AuditSubcategory DirectoryServiceReplication #

DS replication operations.

Value: 17
public const AuditSubcategory DetailedDirectoryServiceReplication #

Detailed replication operations.

Value: 18
public const AuditSubcategory Logon #

Logon attempts and types.

Value: 19
public const AuditSubcategory Logoff #

Logoff events.

Value: 20
public const AuditSubcategory AccountLockout #

Account lockout events.

Value: 21
public const AuditSubcategory SpecialLogon #

Special logon (e.g., administrators).

Value: 22
public const AuditSubcategory OtherLogonLogoffEvents #

Other Logon/Logoff events.

Value: 23
public const AuditSubcategory NetworkPolicyServer #

NPS (RADIUS) server events.

Value: 24
public const AuditSubcategory UserDeviceClaims #

Claims-based access: user/device claims.

Value: 25
public const AuditSubcategory FileSystem #

File system object access.

Value: 26
public const AuditSubcategory Registry #

Registry object access.

Value: 27
public const AuditSubcategory SAM #

SAM access.

Value: 28
public const AuditSubcategory CertificationServices #

Certificate services events.

Value: 29
public const AuditSubcategory KernelObject #

Kernel object access.

Value: 30
public const AuditSubcategory RemovableStorage #

Removable storage events.

Value: 31
public const AuditSubcategory WMI #

Windows Management Instrumentation events.

Value: 32
public const AuditSubcategory CentralPolicyStaging #

Central Access Policy (staging).

Value: 33
public const AuditSubcategory FilteringPlatformPacketDrop #

WFP packet drop.

Value: 34
public const AuditSubcategory FilteringPlatformConnection #

WFP connection events.

Value: 35
public const AuditSubcategory OtherObjectAccessEvents #

Other Object Access events.

Value: 36
public const AuditSubcategory HandleManipulation #

Handle manipulation.

Value: 37
public const AuditSubcategory AuditPolicyChange #

Audit policy changed.

Value: 38
public const AuditSubcategory AuthenticationPolicyChange #

Authentication policy changed.

Value: 39
public const AuditSubcategory AuthorizationPolicyChange #

Authorization policy changed.

Value: 40
public const AuditSubcategory MPSSVCRuleLevelPolicyChange #

Windows Defender Firewall policy change.

Value: 41
public const AuditSubcategory FilteringPlatformPolicyChange #

WFP policy change.

Value: 42
public const AuditSubcategory OtherPolicyChangeEvents #

Other Policy Change events.

Value: 43
public const AuditSubcategory SensitivePrivilegeUse #

Sensitive privilege use (e.g., SeDebug, SeTcb).

Value: 44
public const AuditSubcategory NonSensitivePrivilegeUse #

Non-sensitive privilege use.

Value: 45
public const AuditSubcategory OtherPrivilegeUseEvents #

Other Privilege Use events.

Value: 46
public const AuditSubcategory SecurityStateChange #

Security state change (startup/shutdown).

Value: 47
public const AuditSubcategory SecuritySystemExtension #

Security system extension.

Value: 48
public const AuditSubcategory SystemIntegrity #

System integrity (code integrity).

Value: 49
public const AuditSubcategory IPsecDriver #

IPsec driver events.

Value: 50
public const AuditSubcategory OtherSystemEvents #

Other System events.

Value: 51