From 91de098a4c2aa8ea391b965a852b74c6c2be9816 Mon Sep 17 00:00:00 2001
From: Sriraman M S <45987684+msbemba@users.noreply.github.com>
Date: Wed, 7 Dec 2022 20:34:23 +0530
Subject: [PATCH 1/4] Update event-5140.md

Updated the document per author's guidance on table

Fixes#https://github.com/MicrosoftDocs/windows-itpro-docs/issues/10657
---
 windows/security/threat-protection/auditing/event-5140.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/auditing/event-5140.md b/windows/security/threat-protection/auditing/event-5140.md
index 5d72bf2c8c..70aa2bbbdb 100644
--- a/windows/security/threat-protection/auditing/event-5140.md
+++ b/windows/security/threat-protection/auditing/event-5140.md
@@ -132,7 +132,7 @@ This event generates once per session, when first access attempt was made.
 
 **Access Request Information:**
 
--   **Access Mask** \[Type = HexInt32\]: the sum of hexadecimal values of requested access rights. See “Table 13. File access codes.” for different hexadecimal values for access rights. Has always “**0x1**” value for this event.
+-   **Access Mask** \[Type = HexInt32\]: the sum of hexadecimal values of requested access rights. See [Table of file access codes](/windows/security/threat-protection/auditing/event-5145#table-of-file-access-codes) for different hexadecimal values for access rights. It always has “**0x1**” value for this event.
 
 -   **Accesses** \[Type = UnicodeString\]: the list of access rights that were requested by **Subject\\Security ID**. These access rights depend on **Object Type**. Has always “**ReadData (or ListDirectory)**” value for this event.
 

From 77a10e1d3d824e7783ac7155a61ac05cee78e0ed Mon Sep 17 00:00:00 2001
From: Sriraman M S <45987684+msbemba@users.noreply.github.com>
Date: Wed, 7 Dec 2022 20:36:58 +0530
Subject: [PATCH 2/4] Update event-4661.md

Updated per author's recommendation.
---
 windows/security/threat-protection/auditing/event-4661.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/windows/security/threat-protection/auditing/event-4661.md b/windows/security/threat-protection/auditing/event-4661.md
index bf8b9b0543..d651a58146 100644
--- a/windows/security/threat-protection/auditing/event-4661.md
+++ b/windows/security/threat-protection/auditing/event-4661.md
@@ -163,9 +163,9 @@ This event generates only if Success auditing is enabled for the [Audit Handle M
 
 > **Note**&nbsp;&nbsp;**GUID** is an acronym for 'Globally Unique Identifier'. It is a 128-bit integer number used to identify resources, activities or instances.
 
--   **Accesses** \[Type = UnicodeString\]: the list of access rights which were requested by **Subject\\Security ID**. These access rights depend on **Object Type**. See “Table 13. File access codes.” for more information about file access rights. For information about SAM object access right use <https://technet.microsoft.com/> or other informational resources.
+-   **Accesses** \[Type = UnicodeString\]: the list of access rights which were requested by **Subject\\Security ID**. These access rights depend on **Object Type**. For more information about file access rights, see [Table of file access codes](/windows/security/threat-protection/auditing/event-5145#table-of-file-access-codes). For information about SAM object access right use <https://technet.microsoft.com/> or other informational resources.
 
--   **Access Mask** \[Type = HexInt32\]: hexadecimal mask for the operation that was requested or performed. See “Table 13. File access codes.” for more information about file access rights. For information about SAM object access right use <https://technet.microsoft.com/> or other informational resources.
+-   **Access Mask** \[Type = HexInt32\]: hexadecimal mask for the operation that was requested or performed. For more information about file access rights, see [Table of file access codes](/windows/security/threat-protection/auditing/event-5145#table-of-file-access-codes). For information about SAM object access right use <https://technet.microsoft.com/> or other informational resources.
 
 -   **Privileges Used for Access Check** \[Type = UnicodeString\]: the list of user privileges which were used during the operation, for example, SeBackupPrivilege. This parameter might not be captured in the event, and in that case appears as “-”. See full list of user privileges in the table below:
 
@@ -217,4 +217,4 @@ For 4661(S, F): A handle to an object was requested.
 
 > **Important**&nbsp;&nbsp;For this event, also see [Appendix A: Security monitoring recommendations for many audit events](appendix-a-security-monitoring-recommendations-for-many-audit-events.md).
 
--   You can get almost the same information from “[4662](event-4662.md): An operation was performed on an object.” There are no additional recommendations for this event in this document.
\ No newline at end of file
+-   You can get almost the same information from “[4662](event-4662.md): An operation was performed on an object.” There are no additional recommendations for this event in this document.

From df8bbc4d3cd0842f381d115c847bbc6be8891643 Mon Sep 17 00:00:00 2001
From: Sriraman M S <45987684+msbemba@users.noreply.github.com>
Date: Wed, 7 Dec 2022 20:38:40 +0530
Subject: [PATCH 3/4] Update event-4691.md

updated per authors recommendation
---
 windows/security/threat-protection/auditing/event-4691.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/windows/security/threat-protection/auditing/event-4691.md b/windows/security/threat-protection/auditing/event-4691.md
index 140889746d..716abaaa34 100644
--- a/windows/security/threat-protection/auditing/event-4691.md
+++ b/windows/security/threat-protection/auditing/event-4691.md
@@ -125,12 +125,12 @@ These events are generated for [ALPC Ports](/windows/win32/etw/alpc) access requ
 
 **Access Request Information:**
 
--   **Accesses** \[Type = UnicodeString\]: the list of access rights which were requested by **Subject\\Security ID**. These access rights depend on **Object Type**. “Table 13. File access codes.” contains information about the most common access rights for file system objects. For information about ALPC ports access rights, use <https://technet.microsoft.com/> or other informational resources.
+-   **Accesses** \[Type = UnicodeString\]: the list of access rights which were requested by **Subject\\Security ID**. These access rights depend on **Object Type**. [Table of file access codes](/windows/security/threat-protection/auditing/event-5145#table-of-file-access-codes) contains information about the most common access rights for file system objects. For information about ALPC ports access rights, use <https://technet.microsoft.com/> or other informational resources.
 
--   **Access Mask** \[Type = HexInt32\]: hexadecimal mask for the operation that was requested or performed. See “Table 13. File access codes.” for more information about file access rights. For information about ALPC ports access rights, use <https://technet.microsoft.com/> or other informational resources.
+-   **Access Mask** \[Type = HexInt32\]: hexadecimal mask for the operation that was requested or performed. For more information about file access rights, see [Table of file access codes](/windows/security/threat-protection/auditing/event-5145#table-of-file-access-codes). For information about ALPC ports access rights, use <https://technet.microsoft.com/> or other informational resources.
 
 ## Security Monitoring Recommendations
 
 For 4691(S): Indirect access to an object was requested.
 
--   Typically this event has little to no security relevance and is hard to parse or analyze. There is no recommendation for this event, unless you know exactly what you need to monitor with ALPC Ports.
\ No newline at end of file
+-   Typically this event has little to no security relevance and is hard to parse or analyze. There is no recommendation for this event, unless you know exactly what you need to monitor with ALPC Ports.

From 2ec0032bbadbc2967f8875b12aad88f4e1a03b2e Mon Sep 17 00:00:00 2001
From: Sriraman M S <45987684+msbemba@users.noreply.github.com>
Date: Wed, 7 Dec 2022 20:40:29 +0530
Subject: [PATCH 4/4] Update event-5145.md

Updated the document per authors recommendation.
---
 windows/security/threat-protection/auditing/event-5145.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/auditing/event-5145.md b/windows/security/threat-protection/auditing/event-5145.md
index 8f47f2b4d1..5c736eaa3d 100644
--- a/windows/security/threat-protection/auditing/event-5145.md
+++ b/windows/security/threat-protection/auditing/event-5145.md
@@ -134,7 +134,7 @@ This event generates every time network share object (file or folder) was access
 
 **Access Request Information:**
 
--   **Access Mask** \[Type = HexInt32\]: the sum of hexadecimal values of requested access rights. See “Table 13. File access codes.” for different hexadecimal values for access rights.
+-   **Access Mask** \[Type = HexInt32\]: the sum of hexadecimal values of requested access rights. See [Table of file access codes](/windows/security/threat-protection/auditing/event-5145#table-of-file-access-codes) for different hexadecimal values for access rights.
 
 -   **Accesses** \[Type = UnicodeString\]: the list of access rights that were requested by **Subject\\Security ID**. These access rights depend on **Object Type**.
 
@@ -318,4 +318,4 @@ For 5145(S, F): A network share object was checked to see whether client can be
 
     -   WRITE\_DAC
 
-    -   WRITE\_OWNER
\ No newline at end of file
+    -   WRITE\_OWNER