Appendix. Windows log events sent to KUMA

Kaspersky Endpoint Security sends a limited subset of Windows log events to the KUMA server.

Windows log events that Kaspersky Endpoint Security sends to KUMA

Event log

Event ID

DNS Server

150

DNS Server

770

MSExchange Management

1

Security

4781

Security

6416

Security

1100

Security

1102 / 517

Security

1104

Security

1108

Security

4610 / 514

Security

4611

Security

4614 / 518

Security

4616 / 520

Security

4622

Security

4624 / 528 / 540

Security

4625 / 529

Security

4648 / 552

Security

4649

Security

4662

Security

4663

Security

4672 / 576

Security

4696

Security

4697 / 601

Security

4698 / 602

Security

4702

Security

4704 / 608

Security

4706

Security

4713/617

Security

4715

Security

4717 / 621

Security

4719 / 612

Security

4720 / 624

Security

4722 / 626

Security

4723 / 627

Security

4724 / 628

Security

4725 / 629

Security

4726 / 630

Security

4727

Security

4728 / 632

Security

4729 / 633

Security

4732 / 636

Security

4733 / 637

Security

4738 / 642

Security

4739/643

Security

4740 / 644

Security

4741

Security

4742 / 646

Security

4756 / 660

Security

4757 / 661

Security

4765

Security

4766

Security

4767

Security

4768 / 672

Security

4769 / 673

Security

4770

Security

4771 / 675

Security

4775

Security

4776 / 680

Security

4778 / 682

Security

4780 / 684

Security

4794

Security

4798

Security

4817

Security

4876 / 4877

Security

4882

Security

4885

Security

4886

Security

4887

Security

4890

Security

4891

Security

4898

Security

4899

Security

4900

Security

4902

Security

4904

Security

4905

Security

4928

Security

4946

Security

4947

Security

4948

Security

4949

Security

4950

Security

4964

Security

5025

Security

5136

Security

5137

Security

5138

Security

5139

Security

5141

Security

5142

Security

5143

Security

5144

Security

5145

Security

5148

Security

5155

Security

5376

Security

5377

Security

5632

Security

5888

Security

5889

Security

5890

Security

676

System

1

System

104

System

1056

System

12

System

13

System

6011

System

7040

System

7045

System, Source Netlogon

5723

System, Source Netlogon

5805

Terminal-Services-RemoteConnectionManager

1149

Terminal-Services-RemoteConnectionManager

1152

Terminal-Services-RemoteConnectionManager

20523

Terminal-Services-RemoteConnectionManager

258

Terminal-Services-RemoteConnectionManager

261

Windows PowerShell

400

Windows PowerShell

500

Windows PowerShell

501

Windows PowerShell

800

Application, Source ESENT

301

Application, Source ESENT

302

Application, Source ESENT

325

Application, Source ESENT

326

Application, Source ESENT

327

Application, Source ESENT

2001

Application, Source ESENT

2003

Application, Source ESENT

2005

Application, Source ESENT

2006

Application, Source ESENT

216

Application

1000

Application

1002

Application

1 / 2

Page top