Thursday, January 9, 2020

Event ID 4608 - Windows is Starting Up

JSON log sample:

{
"EventTime": "2017/08/25 14:09:12",
"Hostname": "DELL-PC",
"Keywords": -9214364837600034816,
"EventType": "AUDIT_SUCCESS",
"SeverityValue": 2,
"Severity": "INFO",
"EventID": 4608,
"SourceName": "Microsoft-Windows-Security-Auditing",
"ProviderGuid": "{54849625-5478-4994-A5BA-3E3B0328C30D}",
"Version": 0,
"Task": 12288,
"OpcodeValue": 0,
"RecordNumber": 23718721,
"ProcessID": 688,
"ThreadID": 692,
"Channel": "Security",
"Message": "Windows is starting up.",
"Category": "Security State Change",
"Opcode": "Info",
"EventReceivedTime": "2017/08/25 14:09:12",
"SourceModuleName": "in",
"SourceModuleType": "im_msvistalog"
}

This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
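
Added example, not part of the original post: Python that pulls 4608 startup events out of NXLog JSON output and groups the startup times by host, skipping lines that do not parse. It assumes one JSON event per line; the function name `collect_startups`, the hostnames other than DELL-PC, and every sample line after the first are constructed for illustration.

```python
import json
from collections import defaultdict
from datetime import datetime

PROVIDER = "Microsoft-Windows-Security-Auditing"
TIME_FORMAT = "%Y/%m/%d %H:%M:%S"  # EventTime layout used in the sample above

# Constructed input (assumption: one JSON event per line), reduced to the
# fields the filter needs. Only the first line mirrors the sample above.
SAMPLE_LINES = [
    '{"EventTime": "2017/08/25 14:09:12", "Hostname": "DELL-PC", "EventID": 4608, '
    '"SourceName": "Microsoft-Windows-Security-Auditing", "Channel": "Security"}',
    '{"EventTime": "2017/08/25 14:10:01", "Hostname": "DELL-PC", "EventID": 4624, '
    '"SourceName": "Microsoft-Windows-Security-Auditing", "Channel": "Security"}',
    '{"EventTime": "2017/08/24 08:00:00", "Hostname": "DELL-PC", "EventID": 4608, '
    '"SourceName": "Microsoft-Windows-Security-Auditing", "Channel": "Security"}',
    '{"EventTime": "2017/08/25 09:00:00", "Hostname": "APP-SRV", "EventID": 4608, '
    '"SourceName": "ExampleApp", "Channel": "Application"}',
    '{"EventTime": "2017/08/25 ',  # truncated line, as after a cut-off transfer
    '{"EventTime": "2017/08/25 03:30:00", "Hostname": "SRV-01", "EventID": 4608, '
    '"SourceName": "Microsoft-Windows-Security-Auditing", "Channel": "Security"}',
]

def collect_startups(lines):
    """Return ({hostname: [sorted startup datetimes]}, count of unparseable lines)."""
    startups = defaultdict(list)
    skipped = 0
    for line in lines:
        try:
            ev = json.loads(line)
            if not isinstance(ev, dict):
                raise ValueError("not a JSON object")
            # Check provider and channel too: event IDs are only unique per provider.
            if (str(ev.get("EventID")) != "4608"
                    or ev.get("SourceName") != PROVIDER
                    or ev.get("Channel") != "Security"):
                continue
            when = datetime.strptime(ev["EventTime"], TIME_FORMAT)
            startups[ev["Hostname"]].append(when)
        except (ValueError, KeyError, TypeError):
            skipped += 1  # malformed JSON, missing field or bad timestamp
    return {host: sorted(times) for host, times in startups.items()}, skipped

if __name__ == "__main__":
    found, bad = collect_startups(SAMPLE_LINES)
    for host, times in sorted(found.items()):
        print(host, [t.isoformat(sep=" ") for t in times])
    print("unparseable lines:", bad)
```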
