Windows Event ID Reference

The Windows Event IDs that matter most for detection and incident response, with what each one means and which ones to watch.

About

Common event IDs grouped by purpose, from logons and account changes to process creation, service installs and PowerShell script block logging. Search by ID or meaning and copy the ID into your SIEM.

Descriptions are summaries. Exact fields and behaviour vary by Windows version and audit policy, and PowerShell, Defender and Sysmon events only appear when those features are enabled. Confirm specifics against Microsoft documentation.

UniCybers Labs · Defense and SOC