#security-monitoring

Windows Event ID 4111 – Microsoft-Windows-Kernel-Process: Process Creation Auditing Event

Event ID 4111 tracks process creation events in Windows when advanced auditing is enabled. This security-focused event provides detailed information about new processes, including parent process details and command line arguments.

Windows Event ID 7045 – Service Control Manager: New Service Installation

Event ID 7045 fires when a new Windows service is installed on the system. This informational event logs service creation details including name, path, and startup type for security monitoring.