Read-only security access is used by the event log scraper in IDFW.
After creating a new user account, you must enable read-only security log access on a Windows 2008 and later server-based domain to grant the user read-only access.
Members of the Event Log Readers group are granted permissions to read the event logs on the local computer. You must perform these steps on one Domain Controller of the domain, tree, or forest.
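One way to grant and verify this access from PowerShell, as an added example that is not part of the original procedure. The account name `svc-idfw-logreader` and the host name `dc01.example.local` are placeholders, and the script assumes the ActiveDirectory module (RSAT) is available and the session has rights to modify group membership.

```powershell
# Added example. Placeholder values: replace with your own account and DC.
Import-Module ActiveDirectory

$Account          = 'svc-idfw-logreader'   # placeholder event log reader account
$DomainController = 'dc01.example.local'   # placeholder Domain Controller FQDN
$Group            = 'Event Log Readers'    # built-in group named on this page

# Fail early if the account does not exist.
$user = Get-ADUser -Identity $Account -ErrorAction Stop

# Add the account to Event Log Readers only if it is not already a member.
$current = Get-ADGroupMember -Identity $Group -Recursive |
    Select-Object -ExpandProperty SamAccountName
if ($current -notcontains $user.SamAccountName) {
    Add-ADGroupMember -Identity $Group -Members $user
    Write-Output "Added $Account to '$Group'."
} else {
    Write-Output "$Account is already a member of '$Group'."
}

# Least-privilege check: the account only needs read access, so warn if it
# is a direct member of any administrative group.
$privileged = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators'
$excess = Get-ADPrincipalGroupMembership -Identity $user |
    Where-Object { $privileged -contains $_.Name }
if ($excess) {
    Write-Warning "$Account is also in: $($excess.Name -join ', ')"
}

# Confirm the account can actually read the Security log with its own
# credentials. A fresh logon is used, so the new membership is in effect.
$cred = Get-Credential -UserName "$env:USERDOMAIN\$Account" `
    -Message 'Password for the event log reader account'
try {
    $evt = Get-WinEvent -ComputerName $DomainController -Credential $cred `
        -LogName Security -MaxEvents 1 -ErrorAction Stop
    Write-Output "Read OK: newest Security event is ID $($evt.Id) at $($evt.TimeCreated)."
} catch {
    Write-Warning "Security log read failed: $($_.Exception.Message)"
}
```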
Prerequisites
The domain account must have Active Directory read permission for all objects in the domain tree. The event log reader account must have read permissions for security event logs.