Security does by no means stop with the implementation of products designed to safeguard Windows from malicious code or exploits. For those who are little shy of digging into the security events logged by the operating system, Microsoft has released a list designed to enumerate all the security audit events for the next iteration of its Windows client and server operating systems, namely Windows Server 2008 R2 and Windows 7. Security Audit Events for Windows 7 and Windows Server 2008 R2 is an Excel file that is currently up for grabs via the Microsoft Download Center.

“You can use Windows security and system logs to record and store collected security events so that you can track key system and network activities to monitor potentially harmful behaviors and to mitigate those risks. You customize system log events by configuring auditing based on categories of security events such as changes to user account and resource permissions, failed attempts for user logon, failed attempts to access resources, and attempts to modify system files. The information in this download can help you analyze the data included in event log data,” Microsoft informed.

The resource is divided into two parts, the first focused on Security Audit Events, and the second covering Complete Event Messages. Customers will be able to track a certain security audit event in relation to its ID, category and Subcategory, and summary. Microsoft is offering information on items such as Event ID 4774 in Account Logon>Credential Validation, which indicates that “An account was mapped for logon,” on Windows Vista and Windows Server 2008.

Another example is Event ID 6281 in System>System Integrity on Windows 7 and Windows Server 2008 R2, which reveales that “Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error.”