The Snare application has a number of built-in Audit Policies with both basic auditing and advanced auditing options. These Audit Policies have been designed to 'trap' certain Security Log event IDs, so that the user can create some of the more common audit policies without having to know which event IDs they require. The details for the basic audit policy and the advanced audit policy are given below.
Basic Audit Policy
For each high-level event, the Windows XP/2003 event IDs are listed in blue and the Vista/2008/Windows 7/Windows 8/Windows 10/Windows 2012 and above event IDs are listed in green. As a rule of thumb, to find the equivalent of a Windows XP/2003 event ID on a newer Windows operating system, just add 4096.
...