diff --git a/ee/app/services/ee/personal_access_tokens/create_service.rb b/ee/app/services/ee/personal_access_tokens/create_service.rb
index 5bb4f21927a34bb34990d647a261251ea637acdc..8ce19d1ca8ca39441650fae271fed355d61134e9 100644
--- a/ee/app/services/ee/personal_access_tokens/create_service.rb
+++ b/ee/app/services/ee/personal_access_tokens/create_service.rb
@@ -5,30 +5,28 @@ module PersonalAccessTokens
 module CreateService
 def execute
 super.tap do |response|
- log_audit_event(response.payload[:personal_access_token], response)
+ send_audit_event(response)
 end
 end
 private
- def log_audit_event(token, response)
- audit_event_service(token, response).for_user(full_path: target_user.username, entity_id: target_user.id).security_event
- end
-
- def audit_event_service(token, response)
+ def send_audit_event(response)
 message = if response.success?
- "Created personal access token with id #{token.id}"
+ "Created personal access token with id #{response.payload[:personal_access_token].id}"
 else
 "Attempted to create personal access token but failed with message: #{response.message}"
 end
- ::AuditEventService.new(
- current_user,
- target_user,
- action: :custom,
- custom_message: message,
- ip_address: ip_address
- )
+ audit_context = {
+ name: 'personal_access_token_created',
+ author: current_user,
+ scope: current_user,
+ target: target_user,
+ message: message
+ }
+
+ ::Gitlab::Audit::Auditor.audit(audit_context)
 end
 end
 end
diff --git a/ee/app/services/ee/personal_access_tokens/revoke_service.rb b/ee/app/services/ee/personal_access_tokens/revoke_service.rb
index 8aacccc5b7e6de52fe7511d9554533680359cc5e..a83d5dd9c610eefda0f2ee44192c6a3967f0b31a 100644
--- a/ee/app/services/ee/personal_access_tokens/revoke_service.rb
+++ b/ee/app/services/ee/personal_access_tokens/revoke_service.rb
@@ -8,7 +8,7 @@ module RevokeService
 def execute
 super.tap do |response|
- log_audit_event(token, response)
+ send_audit_event(token, response)
 end
 end
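Review bot: `scope: current_user` in the new audit_context changes which user the event is filed under: the removed `for_user(full_path: target_user.username, entity_id: target_user.id)` attributed the event to target_user, so when an admin creates a token for another user the event presumably now lands under the admin's scope rather than the token owner's, and the same shift from `token.user` to `current_user` appears in the revoke_service.rb hunk below. If the previous attribution is intended, `scope: target_user` here (and `scope: token.user` in revoke_service.rb) preserves it. The explicitly passed `ip_address: ip_address` is also gone from the context; worth confirming that `::Gitlab::Audit::Auditor.audit` records the request IP on its own, since the old call site supplied it and the old spec asserted it.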
@@ -28,25 +28,24 @@ def managed_user_revocation_allowed?
 can?(current_user, :admin_group_credentials_inventory, group)
 end
- def log_audit_event(token, response)
- return unless token.present?
-
- audit_event_service(token, response).for_user(full_path: token.user.username, entity_id: token.user.id).security_event
- end
+ def send_audit_event(token, response)
+ return unless token
- def audit_event_service(token, response)
 message = if response.success?
 "Revoked personal access token with id #{token.id}"
 else
 "Attempted to revoke personal access token with id #{token.id} but failed with message: #{response.message}"
 end
- ::AuditEventService.new(
- current_user,
- token.user,
- action: :custom,
- custom_message: message
- )
+ audit_context = {
+ name: 'personal_access_token_revoked',
+ author: current_user,
+ scope: current_user,
+ target: token&.user,
+ message: message
+ }
+
+ ::Gitlab::Audit::Auditor.audit(audit_context)
 end
 end
 end
diff --git a/ee/config/audit_events/types/personal_access_token_created.yml b/ee/config/audit_events/types/personal_access_token_created.yml
new file mode 100644
index 0000000000000000000000000000000000000000..9b03dcd32b8ab6c10935af406eb9e1cac86d4279
--- /dev/null
+++ b/ee/config/audit_events/types/personal_access_token_created.yml
@@ -0,0 +1,9 @@
+---
+name: personal_access_token_created
+description: Event triggered when a user creates a personal access token
+introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/374113
+introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/108952
+feature_category: compliance_management
+milestone: '15.9'
+saved_to_database: true
+streamed: true
diff --git a/ee/config/audit_events/types/personal_access_token_revoked.yml b/ee/config/audit_events/types/personal_access_token_revoked.yml
new file mode 100644
index 0000000000000000000000000000000000000000..57c700aff89917c5d089b464d24b367e5ba47f70
--- /dev/null
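Review bot: `target: token&.user` uses safe navigation that is dead after the `return unless token` guard at the top of send_audit_event, and it obscures the fact that a missing token is already handled there; `target: token.user` says what is meant. The guard also drops `.present?` from the removed `return unless token.present?`, which is equivalent for a model instance or nil but not for an empty string or collection, so it is fine only if `token` is never anything else.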
+++ b/ee/config/audit_events/types/personal_access_token_revoked.yml
@@ -0,0 +1,9 @@
+---
+name: personal_access_token_revoked
+description: Event triggered when a personal access token is revoked
+introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/374113
+introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/108952
+feature_category: compliance_management
+milestone: '15.9'
+saved_to_database: true
+streamed: true
diff --git a/ee/spec/services/personal_access_tokens/create_service_audit_log_spec.rb b/ee/spec/services/personal_access_tokens/create_service_audit_log_spec.rb
index 8f2eda8a67120ed3d5f4ba1dfbf2583694bf74d2..bf04da6e9eb4315e0f383cc4a8909a1c235aa1b9 100644
--- a/ee/spec/services/personal_access_tokens/create_service_audit_log_spec.rb
+++ b/ee/spec/services/personal_access_tokens/create_service_audit_log_spec.rb
@@ -11,7 +11,7 @@
 context 'when non-admin user' do
 context 'when user creates their own token' do
 it 'creates AuditEvent with success message' do
- expect_to_log(user, user, /Created personal access token with id \d+/)
+ expect_to_audit(user, user, /Created personal access token with id \d+/)
 described_class.new(current_user: user, target_user: user, params: params).execute
 end
@@ -21,7 +21,7 @@
 let(:other_user) { create(:user) }
 it 'creates AuditEvent with failure message' do
- expect_to_log(user, other_user, 'Attempted to create personal access token but failed with message: Not permitted to create')
+ expect_to_audit(user, other_user, 'Attempted to create personal access token but failed with message: Not permitted to create')
 described_class.new(current_user: user, target_user: other_user, params: params).execute
 end
@@ -32,14 +32,14 @@
 let(:admin) { create(:user, :admin) }
 it 'with admin mode enabled', :enable_admin_mode do
- expect_to_log(admin, user, /Created personal access token with id \d+/)
+ expect_to_audit(admin, user, /Created personal access token with id \d+/)
 described_class.new(current_user: admin, target_user: user, params: params).execute
 end
 context 'with admin mode disabled' do
 it 'creates audit logs with failure message' do
- expect_to_log(admin, user, 'Attempted to create personal access token but failed with message: Not permitted to create')
+ expect_to_audit(admin, user, 'Attempted to create personal access token but failed with message: Not permitted to create')
 described_class.new(current_user: admin, target_user: user, params: params).execute
 end
@@ -47,9 +47,16 @@
 end
 end
- def expect_to_log(current_user, target_user, message)
- expect(::AuditEventService).to receive(:new)
- .with(current_user, target_user, action: :custom, custom_message: message, ip_address: nil)
+ def expect_to_audit(current_user, target_user, message)
+ audit_context = {
+ name: 'personal_access_token_created',
+ author: current_user,
+ scope: current_user,
+ target: target_user,
+ message: message
+ }
+
+ expect(::Gitlab::Audit::Auditor).to receive(:audit).with(audit_context)
 .and_call_original
 end
 end
diff --git a/ee/spec/services/personal_access_tokens/revoke_service_audit_log_spec.rb b/ee/spec/services/personal_access_tokens/revoke_service_audit_log_spec.rb
index dce06452af5a27a7ed95e85bc0f737a1a64ada06..47abea54c9023af1f39556c3df93a083a71ddf50 100644
--- a/ee/spec/services/personal_access_tokens/revoke_service_audit_log_spec.rb
+++ b/ee/spec/services/personal_access_tokens/revoke_service_audit_log_spec.rb
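Review bot: expect_to_audit pins the whole hash with `with(audit_context)`, so the spec no longer says anything about the request IP that the removed expectation checked via `ip_address: nil`, and it never inspects the AuditEvent that `and_call_original` actually persists. Because the call goes through to the Auditor, an assertion on the created record (for example that its entity is the user the event is meant to be filed under) would catch a wrong `scope:` value, whereas the exact-hash match only mirrors whatever the service happens to pass. The enclosing describe block of expect_to_audit starts outside the hunk.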
@@ -11,9 +11,15 @@
 let(:service) { described_class.new(user, token: token) }
 it 'creates audit events' do
- expect(::AuditEventService)
- .to receive(:new)
- .with(user, user, action: :custom, custom_message: "Revoked personal access token with id #{token.id}")
+ audit_context = {
+ name: 'personal_access_token_revoked',
+ author: user,
+ scope: user,
+ target: user,
+ message: "Revoked personal access token with id #{token.id}"
+ }
+
+ expect(::Gitlab::Audit::Auditor).to receive(:audit).with(audit_context)
 .and_call_original
 subject
diff --git a/ee/spec/services/security/token_revocation_service_spec.rb b/ee/spec/services/security/token_revocation_service_spec.rb
index e7ad52c7a7c7583cb4d527315194fdc0e8f1b014..edbc463906244f4041b2ff8b3502fd02753a0277 100644
--- a/ee/spec/services/security/token_revocation_service_spec.rb
+++ b/ee/spec/services/security/token_revocation_service_spec.rb
@@ -68,14 +68,15 @@
 it 'returns success' do
 expect(PersonalAccessTokens::RevokeService).to receive(:new).once.and_call_original
- expect(::AuditEventService)
- .to receive(:new)
- .with(
- User.security_bot,
- glpat_token.user,
- action: :custom,
- custom_message: "Revoked personal access token with id #{glpat_token.id}"
- ).and_call_original
+ audit_context = {
+ name: 'personal_access_token_revoked',
+ author: User.security_bot,
+ scope: User.security_bot,
+ target: glpat_token.user,
+ message: "Revoked personal access token with id #{glpat_token.id}"
+ }
+
+ expect(::Gitlab::Audit::Auditor).to receive(:audit).with(audit_context).and_call_original
 expect(SystemNoteService)
 .to receive(:change_vulnerability_state)