diff --git a/ee/app/services/ee/groups/destroy_service.rb b/ee/app/services/ee/groups/destroy_service.rb
index c72cb0d73e2a37322cf0aa04f9cd8745daac029c..44723836bd80602da65f602585e2aa5c4b61b2d4 100644
--- a/ee/app/services/ee/groups/destroy_service.rb
+++ b/ee/app/services/ee/groups/destroy_service.rb
@@ -51,11 +51,19 @@ def delete_dependency_proxy_blobs(group)
       end
 
       def log_audit_event
-        ::AuditEventService.new(
-          current_user,
-          group,
-          action: :destroy
-        ).for_group.security_event
+        audit_context = {
+          name: 'group_destroyed',
+          author: current_user,
+          scope: group.root_ancestor,
+          target: group,
+          message: 'Group destroyed',
+          target_details: group.full_path,
+          additional_details: {
+            remove: 'group'
+          }
+        }
+
+        ::Gitlab::Audit::Auditor.audit(audit_context)
       end
     end
   end
diff --git a/ee/app/services/groups/mark_for_deletion_service.rb b/ee/app/services/groups/mark_for_deletion_service.rb
index a20ab7e46a132fe32fcce035c7b2979412c905fd..e55d86d31f94b0abc912b52b8af05f0116934fea 100644
--- a/ee/app/services/groups/mark_for_deletion_service.rb
+++ b/ee/app/services/groups/mark_for_deletion_service.rb
@@ -31,12 +31,15 @@ def deletion_schedule_params
     end
 
     def log_audit_event
-      AuditEvents::CustomAuditEventService.new(
-        current_user,
-        group,
-        nil,
-        'Group marked for deletion'
-      ).for_group.security_event
+      audit_context = {
+        name: 'group_deletion_marked',
+        author: current_user,
+        scope: group,
+        target: group,
+        message: 'Group marked for deletion'
+      }
+
+      ::Gitlab::Audit::Auditor.audit(audit_context)
     end
   end
 end
diff --git a/ee/app/services/groups/restore_service.rb b/ee/app/services/groups/restore_service.rb
index 098e0d5d636294d25a410ab7eff9e127839adc88..19592a6b455e48efe042fe5b84b954522fe2ba55 100644
--- a/ee/app/services/groups/restore_service.rb
+++ b/ee/app/services/groups/restore_service.rb
@@ -28,12 +28,15 @@ def remove_deletion_schedule
     end
 
     def log_audit_event
-      AuditEvents::CustomAuditEventService.new(
-        current_user,
-        group,
-        nil,
-        'Group restored'
-      ).for_group.security_event
+      audit_context = {
+        name: 'group_restored',
+        author: current_user,
+        scope: group,
+        target: group,
+        message: 'Group restored'
+      }
+
+      ::Gitlab::Audit::Auditor.audit(audit_context)
     end
   end
 end
diff --git a/ee/config/audit_events/types/group_deletion_marked.yml b/ee/config/audit_events/types/group_deletion_marked.yml
new file mode 100644
index 0000000000000000000000000000000000000000..7a10210549f049189c91e042f4ec51bc81617e29
--- /dev/null
+++ b/ee/config/audit_events/types/group_deletion_marked.yml
@@ -0,0 +1,9 @@
+---
+name: group_deletion_marked
+description: Event triggered when a group is marked for deletion.
+introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/374106
+introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/116986
+feature_category: compliance_management
+milestone: '15.11'
+saved_to_database: true
+streamed: true
diff --git a/ee/config/audit_events/types/group_destroyed.yml b/ee/config/audit_events/types/group_destroyed.yml
new file mode 100644
index 0000000000000000000000000000000000000000..0300fc6b890d223259a3a69ae69aae693a25f4e6
--- /dev/null
+++ b/ee/config/audit_events/types/group_destroyed.yml
@@ -0,0 +1,9 @@
+---
+name: group_destroyed
+description: Event triggered when a group is destroyed.
+introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/374106
+introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/116986
+feature_category: compliance_management
+milestone: '15.11'
+saved_to_database: true
+streamed: true
diff --git a/ee/config/audit_events/types/group_restored.yml b/ee/config/audit_events/types/group_restored.yml
new file mode 100644
index 0000000000000000000000000000000000000000..2cece207ead59b847eae6f3453d70fb0726d1d1b
--- /dev/null
+++ b/ee/config/audit_events/types/group_restored.yml
@@ -0,0 +1,9 @@
+---
+name: group_restored
+description: Event triggered when a group is restored.
+introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/374106
+introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/116986
+feature_category: compliance_management
+milestone: '15.11'
+saved_to_database: true
+streamed: true
diff --git a/ee/spec/services/groups/destroy_service_spec.rb b/ee/spec/services/groups/destroy_service_spec.rb
index b17c308a0ba1f332ccc46041dfa6fd61af373edd..410869bd02f3d945c83550b46ee59e310e7580b6 100644
--- a/ee/spec/services/groups/destroy_service_spec.rb
+++ b/ee/spec/services/groups/destroy_service_spec.rb
@@ -16,6 +16,8 @@
           .to receive(:destroy).and_return(group)
       end
 
+      let_it_be(:event_type) { 'group_destroyed' }
+
       let(:attributes) do
         {
            author_id: user.id,
@@ -24,9 +26,11 @@
            details: {
              remove: 'group',
              author_name: user.name,
+             author_class: user.class.name,
              target_id: group.id,
              target_type: 'Group',
-             target_details: group.full_path
+             target_details: group.full_path,
+             custom_message: 'Group destroyed'
            }
          }
       end
@@ -47,7 +51,7 @@
 
     it 'sends the audit streaming event with json format' do
       expect(AuditEvents::AuditEventStreamingWorker).to receive(:perform_async).with(
-        'audit_operation',
+        'group_destroyed',
         nil,
         a_string_including("group_entity_id\":#{parent_group.id}"))
 
diff --git a/ee/spec/services/groups/mark_for_deletion_service_spec.rb b/ee/spec/services/groups/mark_for_deletion_service_spec.rb
index 05e9d70fe99650b1dacec5cfbd1a4be688741a88..5ae875ef6c2db95b9da0ebfc36eb2bc6d2735db1 100644
--- a/ee/spec/services/groups/mark_for_deletion_service_spec.rb
+++ b/ee/spec/services/groups/mark_for_deletion_service_spec.rb
@@ -68,6 +68,10 @@
 
       context 'audit events' do
         it 'logs audit event' do
+          expect(::Gitlab::Audit::Auditor).to receive(:audit).with(
+            hash_including(name: 'group_deletion_marked')
+          ).and_call_original
+
           expect { subject }.to change { AuditEvent.count }.by(1)
         end
       end
diff --git a/ee/spec/services/groups/restore_service_spec.rb b/ee/spec/services/groups/restore_service_spec.rb
index 6f5998028edd599f62a5f86d47f2254ec9884322..0b5886e186de619a23f2b43de56efdb58b92a2af 100644
--- a/ee/spec/services/groups/restore_service_spec.rb
+++ b/ee/spec/services/groups/restore_service_spec.rb
@@ -66,6 +66,10 @@
 
       context 'audit events' do
         it 'logs audit event' do
+          expect(::Gitlab::Audit::Auditor).to receive(:audit).with(
+            hash_including(name: 'group_restored')
+          ).and_call_original
+
           expect { subject }.to change { AuditEvent.count }.by(1)
         end
       end
diff --git a/ee/spec/support/shared_examples/services/audit_event_logging_shared_examples.rb b/ee/spec/support/shared_examples/services/audit_event_logging_shared_examples.rb
index 8a66143d4cc7c902e5efdb2c2ed165089184ed0f..69e2dda76dd3b937e1928058dd3106ed471d67ec 100644
--- a/ee/spec/support/shared_examples/services/audit_event_logging_shared_examples.rb
+++ b/ee/spec/support/shared_examples/services/audit_event_logging_shared_examples.rb
@@ -16,6 +16,16 @@
 
         expect(AuditEvent.last).to have_attributes(attributes)
       end
+
+      it 'calls the audit method with the event type' do
+        if defined?(event_type)
+          expect(::Gitlab::Audit::Auditor).to receive(:audit).with(
+            hash_including(name: event_type)
+          ).and_call_original
+
+          operation
+        end
+      end
     end
 
     it 'does not log audit event if operation fails' do