Events may belong to more than one class.
Authentication events. Broadly, anything to do with users.
Things that have been actively prevented.
Whatever doesn’t fit better into another Class.
REST API events.
Anything that can be classified as spam, not just comments.
XML-RPC events, including Pingbacks.
Web Application Firewall (WAF) events.
Anything to do with comments.