Microsoft Windows Event Log

Microsoft Windows Event Logs are the primary auditing and logging mechanism for Windows operating systems, capturing security-relevant events including user authentication, privilege use, process creation, object access, and policy changes. The Security, System, and Application event logs provide comprehensive visibility into system activities. 

Windows Security Event Logs are foundational for enterprise security monitoring, capturing events such as logon successes and failures (4624/4625), privilege escalation (4672), process creation (4688), and group membership changes. When collected centrally, they enable detection of credential attacks, lateral movement, persistence mechanisms, and insider threats across the Windows environment. 

Sophos Products: Sophos MDR/XDR Integrations

Partner Technology: Endpoint Security

Solution Category: Sophos MDR/XDR Integrations