Blog | G5 Cyber Security

The most important Windows 10 security event log IDs to monitor

Monitoring Windows 10 event logs is one of the best ways to detect malicious activity on your network. These are the most important types of log events to look for and what they can tell you. Windows security event log ID 4688 documents each program a computer executes, its identifying data, and the process that started it. Event 4688 entries are generated when you log in to a system. For example, the Session Manager Subsystem (SMSS.exe) launches at login and event 4688 is logged. The logged token elevation type shows what user rights are associated with the program.
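To show what a 4688 record carries, the following added example (not from the original article) parses one event exported as XML and decodes the token elevation type. The sample record, its account name and its PIDs are constructed; the field names and `%%193x` codes are the ones Windows writes to the Security log.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# Message-table codes Windows writes into the TokenElevationType field.
TOKEN_ELEVATION = {
    "%%1936": "Type 1: full token, no UAC filtering (e.g. services, built-in Administrator)",
    "%%1937": "Type 2: elevated token (e.g. Run as administrator)",
    "%%1938": "Type 3: limited token, administrative privileges removed by UAC",
}

# Constructed sample record; account, timestamp and PIDs are made up.
SAMPLE_XML = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID>4688</EventID>
    <TimeCreated SystemTime="2020-06-01T08:15:02.123456Z"/>
  </System>
  <EventData>
    <Data Name="SubjectUserName">WORKSTATION1$</Data>
    <Data Name="SubjectDomainName">EXAMPLE</Data>
    <Data Name="NewProcessId">0x2a4</Data>
    <Data Name="NewProcessName">C:\\Windows\\System32\\smss.exe</Data>
    <Data Name="TokenElevationType">%%1936</Data>
    <Data Name="ProcessId">0x178</Data>
    <Data Name="CommandLine"></Data>
    <Data Name="ParentProcessName">C:\\Windows\\System32\\smss.exe</Data>
  </EventData>
</Event>"""

def parse_4688(xml_text):
    """Return the process-creation details of one exported 4688 event."""
    root = ET.fromstring(xml_text)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "4688":
        raise ValueError("not a process-creation (4688) event")
    data = {d.get("Name"): d.text or "" for d in root.findall("e:EventData/e:Data", NS)}
    code = data.get("TokenElevationType", "")
    return {
        "time": root.find("e:System/e:TimeCreated", NS).get("SystemTime"),
        "user": data["SubjectDomainName"] + "\\" + data["SubjectUserName"],
        "process": data["NewProcessName"],
        "pid": int(data["NewProcessId"], 16),          # PIDs are logged as hex
        "parent": data.get("ParentProcessName", ""),   # field absent on older Windows
        "parent_pid": int(data["ProcessId"], 16),      # ProcessId = creator process
        "command_line": data.get("CommandLine", ""),   # empty unless policy enables it
        "elevation": TOKEN_ELEVATION.get(code, "unrecognised code " + code),
    }

if __name__ == "__main__":
    for key, value in parse_4688(SAMPLE_XML).items():
        print(f"{key:13} {value}")
```

Type 2 and Type 3 tokens only appear when User Account Control is splitting an administrator's rights, so a Type 2 entry for an unexpected program is a useful review trigger.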

Source: https://www.csoonline.com/article/3561889/the-most-important-windows-10-security-event-log-ids-to-monitor.html
