From 1832c140314553c9f6339ed3760c8a7e1f3081fa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jose=20Sebasti=C3=A1n=20Can=C3=B3s?= Date: Wed, 25 Jan 2023 11:25:35 +0100 Subject: [PATCH] Update event-4670.md --- .../security/threat-protection/auditing/event-4670.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/auditing/event-4670.md b/windows/security/threat-protection/auditing/event-4670.md index 9509f490e5..f20653ded7 100644 --- a/windows/security/threat-protection/auditing/event-4670.md +++ b/windows/security/threat-protection/auditing/event-4670.md @@ -235,14 +235,14 @@ Example: D:(A;;FA;;;WD) | "GR" | GENERIC READ | "SD" | Delete | | "GW" | GENERIC WRITE | "WD" | Modify Permissions | | "GX" | GENERIC EXECUTE | "WO" | Modify Owner | -| File access rights | "RP" | Read All Properties | +| File access rights | | "RP" | Read All Properties | | "FA" | FILE ALL ACCESS | "WP" | Write All Properties | | "FR" | FILE GENERIC READ | "CC" | Create All Child Objects | | "FW" | FILE GENERIC WRITE | "DC" | Delete All Child Objects | | "FX" | FILE GENERIC EXECUTE | "LC" | List Contents | -| Registry key access rights | "SW" | All Validated Writes | -| "KA" | "LO" | "LO" | List Object | -| "K" | KEY READ | "DT" | Delete Subtree | +| Registry key access rights | | "SW" | Self Write | +| "KA" | KEY ALL ACCESS | "LO" | List Object | +| "KR" | KEY READ | "DT" | Delete Subtree | | "KW" | KEY WRITE | "CR" | All Extended Rights | | "KX" | KEY EXECUTE | | | 
@@ -272,4 +272,4 @@ For file system and registry objects, the following recommendations apply. - If you have critical registry objects for which you need to monitor all modifications (especially permissions changes and owner changes), monitor for the specific **Object\\Object Name.** -- If you have high-value computers for which you need to monitor all changes for all or specific objects (for example, file system or registry objects), monitor for all [4670](event-4670.md) events on these computers. For example, you could monitor the **ntds.dit** file on domain controllers. \ No newline at end of file +- If you have high-value computers for which you need to monitor all changes for all or specific objects (for example, file system or registry objects), monitor for all [4670](event-4670.md) events on these computers. For example, you could monitor the **ntds.dit** file on domain controllers.
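Review bot: in the `@@ -235,14 +235,14 @@` hunk, the "SW" row changes the label from "All Validated Writes" to "Self Write", which is a content change riding along with a table-layout repair. The neighbouring right-column rows keep the longer display-style names ("Read All Properties", "Write All Properties", "All Extended Rights"), so the new label is inconsistent with them. Consider keeping the old wording or giving both, for example `| "SW" | Self Write (All Validated Writes) |`, and mention the rename in the commit message so readers who match on the old text know it changed. The empty cell added to the "File access rights" and "Registry key access rights" rows and the "KA" / "KR" corrections bring every row to four cells and need no further change.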
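Review bot: in the `@@ -272,4 +272,4 @@` hunk, the only difference on the **ntds.dit** bullet is the newline added at end of file, and the subject "Update event-4670.md" mentions neither this nor the table repair. A subject such as "Fix SDDL access-rights table in event-4670.md" with a one-line body noting the end-of-file newline would make the history searchable. The whitespace change itself is fine to keep.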