i. Information (including authentication information such as usernames or passwords) is created, read, updated, or deleted.
ii. Accepted or initiated network connections.
iii. User authentication and authorization to systems and networks.
iv. Granting, modification, or revocation of access rights, including adding a new user or group; changing user privileges, file permissions, database object permissions, firewall rules, and passwords.
v. System, network, or services configuration changes, including software installation, patches, updates, or other installed software changes.
vi. Startup, shutdown, or restart of an application.
vii. Application process abort, failure, or abnormal end, especially due to resource exhaustion or reaching a resource limit or threshold (such as CPU, memory, network connections, network bandwidth, disk space, or other resources), the failure of network services such as DHCP or DNS, or hardware fault.
viii. Detection of suspicious and/or malicious activity from a security system such as an Intrusion Detection or Prevention System (IDS/IPS), anti-virus system, or anti-spyware system.