diff --git a/ee/app/services/ee/projects/create_service.rb b/ee/app/services/ee/projects/create_service.rb index 220c81419f8b2257941363a0256dfce8f50e8f4a..6eb834d4bff03469658d5509c7af2221bd08e948 100644 --- a/ee/app/services/ee/projects/create_service.rb +++ b/ee/app/services/ee/projects/create_service.rb @@ -5,6 +5,9 @@ module Projects module CreateService extend ::Gitlab::Utils::Override + AUDIT_EVENT_TYPE = 'project_created' + AUDIT_EVENT_MESSAGE = 'Project created' + attr_reader :security_policy_target_project_id, :security_policy_target_namespace_id override :initialize @@ -152,11 +155,16 @@ def setup_ci_cd_project end def log_audit_event(project) - ::AuditEventService.new( - current_user, - project, - action: :create - ).for_project.security_event + audit_context = { + name: AUDIT_EVENT_TYPE, + author: current_user, + scope: project, + target: project, + message: AUDIT_EVENT_MESSAGE, + target_details: project.full_path + } + + ::Gitlab::Audit::Auditor.audit(audit_context) end end end diff --git a/ee/app/services/ee/projects/update_service.rb b/ee/app/services/ee/projects/update_service.rb index f5a2956b2c0c4ec5d28bac011f1e8f35e7f7b7c2..673f88947cec78a4ddcc9bf8327f92cfe41c13e9 100644 --- a/ee/app/services/ee/projects/update_service.rb +++ b/ee/app/services/ee/projects/update_service.rb @@ -5,6 +5,9 @@ module Projects module UpdateService extend ::Gitlab::Utils::Override + DEFAULT_BRANCH_CHANGE_AUDIT_TYPE = 'project_default_branch_updated' + DEFAULT_BRANCH_CHANGE_AUDIT_MESSAGE = "Default branch changed from %s to %s" + PULL_MIRROR_ATTRIBUTES = %i[ mirror mirror_user_id 
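Review bot: In `log_audit_event` (ee/app/services/ee/projects/create_service.rb) the new `audit_context` no longer carries the `add: 'project'` detail; the create_service_spec.rb hunk of this commit drops `add: 'project'` from the expected details, which suggests the legacy `action: :create` call produced it. Any stored-event query, streaming consumer or alert rule keyed on that field would stop matching project creation after this change. If that field is part of the contract, keep it by adding `additional_details: { add: 'project' }` to the hash; otherwise the removal should be called out in the change description. The enclosing module starts and ends outside the hunk.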
@@ -106,12 +109,20 @@ def remove_unallowed_params override :after_default_branch_change def after_default_branch_change(previous_default_branch) - ::AuditEventService.new( - current_user, - project, - action: :custom, - custom_message: "Default branch changed from #{previous_default_branch} to #{project.default_branch}" - ).for_project.security_event + audit_context = { + name: DEFAULT_BRANCH_CHANGE_AUDIT_TYPE, + author: current_user, + scope: project, + target: project, + message: format(DEFAULT_BRANCH_CHANGE_AUDIT_MESSAGE, previous_default_branch, project.default_branch), + target_details: project.full_path, + additional_details: { + from: previous_default_branch, + to: project.default_branch + } + } + + ::Gitlab::Audit::Auditor.audit(audit_context) end # A user who enables shared runners must meet the credit card requirement if diff --git a/ee/config/audit_events/types/project_created.yml b/ee/config/audit_events/types/project_created.yml new file mode 100644 index 0000000000000000000000000000000000000000..101daccced51bc1c1ae90475c86d56c66a41dbe5 --- /dev/null +++ b/ee/config/audit_events/types/project_created.yml @@ -0,0 +1,9 @@ +--- +name: project_created +description: Event triggered when a project is created. +introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/374105 +introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/117543 +feature_category: projects +milestone: '16.0' +saved_to_database: true +streamed: true diff --git a/ee/config/audit_events/types/project_default_branch_updated.yml b/ee/config/audit_events/types/project_default_branch_updated.yml new file mode 100644 index 0000000000000000000000000000000000000000..350993c00d019f4a070d3ca5f2eced443d963e23 --- /dev/null +++ b/ee/config/audit_events/types/project_default_branch_updated.yml 
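Review bot: In `after_default_branch_change`, `format(DEFAULT_BRANCH_CHANGE_AUDIT_MESSAGE, previous_default_branch, project.default_branch)` renders an empty name if `previous_default_branch` is nil, and `additional_details[:from]` would then be nil in the stored and streamed event. Whether the hook can run without a previous branch is not visible in this hunk, so this needs confirming against the caller. If it can, a labelled fallback for the message, for example `from = previous_default_branch.presence || '(none)'`, keeps the record readable. The constant would also benefit from a comment such as `# %s placeholders, in order: previous branch, new branch (user-chosen names)`, so that nobody reorders them and consumers know to read the structured `from`/`to` fields rather than parse the message.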
@@ -0,0 +1,9 @@ +--- +name: project_default_branch_updated +description: Event triggered when default branch of a project's repository is updated. +introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/374105 +introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/117543 +feature_category: projects +milestone: '16.0' +saved_to_database: true +streamed: true diff --git a/ee/spec/features/registrations/combined_registration_spec.rb b/ee/spec/features/registrations/combined_registration_spec.rb index e5e7fc2c0dbea97155d864f5a897fcc7139dce7d..674a85a4cdd698e2da793aa005cb04d04ad24008 100644 --- a/ee/spec/features/registrations/combined_registration_spec.rb +++ b/ee/spec/features/registrations/combined_registration_spec.rb @@ -9,7 +9,7 @@ before do # https://gitlab.com/gitlab-org/gitlab/-/issues/340302 - allow(Gitlab::QueryLimiting::Transaction).to receive(:threshold).and_return(148) + allow(Gitlab::QueryLimiting::Transaction).to receive(:threshold).and_return(151) stub_experiments(experiments) sign_in(user) visit users_sign_up_welcome_path diff --git a/ee/spec/features/registrations/sign_up_with_trial_from_external_site_without_confirmation_spec.rb b/ee/spec/features/registrations/sign_up_with_trial_from_external_site_without_confirmation_spec.rb index 87bb7ac29c27d8d0e1dd372079f5a69bcd486c83..6a308460ddcafd8e43f18ebc986c819e58b38200 100644 --- a/ee/spec/features/registrations/sign_up_with_trial_from_external_site_without_confirmation_spec.rb +++ b/ee/spec/features/registrations/sign_up_with_trial_from_external_site_without_confirmation_spec.rb 
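Review bot: The query-limit stub in combined_registration_spec.rb goes from 148 to 151 with no comment saying where the three extra queries come from. The same +3 bump appears in the sign_up_with_trial_from_external_site_without_confirmation_spec.rb, start_trial_from_external_site_without_confirmation_spec.rb, project_creation_spec.rb and saas_registration_helpers.rb hunks. Presumably they come from the new `Gitlab::Audit::Auditor.audit` call on project creation, but nothing in the hunks says so. A line such as `# +3 queries: project_created audit event via Gitlab::Audit::Auditor` next to each stub would let a later reader tell a deliberate increase from drift. The `before` block continues outside the hunk.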
@@ -15,7 +15,7 @@ # The groups_and_projects_controller (on `click_on 'Create project'`) is over # the query limit threshold, so we have to adjust it. # https://gitlab.com/gitlab-org/gitlab/-/issues/340302 - allow(Gitlab::QueryLimiting::Transaction).to receive(:threshold).and_return(156) + allow(Gitlab::QueryLimiting::Transaction).to receive(:threshold).and_return(159) stub_request(:post, "#{EE::SUBSCRIPTIONS_URL}/trials") end diff --git a/ee/spec/features/registrations/start_trial_from_external_site_without_confirmation_spec.rb b/ee/spec/features/registrations/start_trial_from_external_site_without_confirmation_spec.rb index 59ac6728ab04ec1bae27346624140ff61f4a35b0..7e3282c08b3ba765a9648cfdce798e5f20d1409e 100644 --- a/ee/spec/features/registrations/start_trial_from_external_site_without_confirmation_spec.rb +++ b/ee/spec/features/registrations/start_trial_from_external_site_without_confirmation_spec.rb @@ -14,7 +14,7 @@ # The groups_and_projects_controller (on `click_on 'Create project'`) is over # the query limit threshold, so we have to adjust it. # https://gitlab.com/gitlab-org/gitlab/-/issues/340302 - allow(Gitlab::QueryLimiting::Transaction).to receive(:threshold).and_return(156) + allow(Gitlab::QueryLimiting::Transaction).to receive(:threshold).and_return(159) stub_request(:post, "#{EE::SUBSCRIPTIONS_URL}/trials") end diff --git a/ee/spec/requests/registrations/project_creation_spec.rb b/ee/spec/requests/registrations/project_creation_spec.rb index ea1d7051514219fcab694b638e58d00b10bdb704..6dbd7b7743464069c07cd9481c0ea010cb0ab0e2 100644 --- a/ee/spec/requests/registrations/project_creation_spec.rb +++ b/ee/spec/requests/registrations/project_creation_spec.rb 
@@ -35,7 +35,7 @@ context 'when group and project can be created' do it 'creates a group' do # 204 before creating learn gitlab in worker - allow(Gitlab::QueryLimiting::Transaction).to receive(:threshold).and_return(150) + allow(Gitlab::QueryLimiting::Transaction).to receive(:threshold).and_return(153) expect { post users_sign_up_groups_projects_path, params: params }.to change { Group.count }.by(1) end diff --git a/ee/spec/services/projects/create_service_spec.rb b/ee/spec/services/projects/create_service_spec.rb index 785ada13dd9bdc04de373a692de2d130744b7832..28ec918f1617cf57606659e02d4625a9f6c4c8fb 100644 --- a/ee/spec/services/projects/create_service_spec.rb +++ b/ee/spec/services/projects/create_service_spec.rb @@ -392,17 +392,20 @@ allow(Gitlab::VisibilityLevel).to receive(:allowed_for?).and_return(false) end + let(:event_type) { Projects::CreateService::AUDIT_EVENT_TYPE } + let(:attributes) do { author_id: user.id, entity_id: @resource.id, entity_type: 'Project', details: { - add: 'project', author_name: user.name, target_id: @resource.id, target_type: 'Project', - target_details: @resource.full_path + target_details: @resource.full_path, + custom_message: Projects::CreateService::AUDIT_EVENT_MESSAGE, + author_class: user.class.name } } end diff --git a/ee/spec/services/projects/fork_service_spec.rb b/ee/spec/services/projects/fork_service_spec.rb index 34fcf77d729cd2c7857ea5bcf51364ba68a173fc..efe22c00340156dc00d0d00c1c025a95308a7409 100644 --- a/ee/spec/services/projects/fork_service_spec.rb +++ b/ee/spec/services/projects/fork_service_spec.rb @@ -18,7 +18,11 @@ subject(:execute) { described_class.new(project, user).execute } - it 'call auditor with currect context' do + it 'calls auditor with correct context' do + expect(::Gitlab::Audit::Auditor).to receive(:audit) + .with(hash_including(name: Projects::CreateService::AUDIT_EVENT_TYPE)) + .and_call_original + audit_context = { name: event_type, stream_only: true, 
diff --git a/ee/spec/services/projects/update_service_spec.rb b/ee/spec/services/projects/update_service_spec.rb index db34d1dca3b430cb1853b5354e9b690e8085457f..c489fbb81ebd9291e9851d573f1e82105f2f5f78 100644 --- a/ee/spec/services/projects/update_service_spec.rb +++ b/ee/spec/services/projects/update_service_spec.rb @@ -242,12 +242,15 @@ def operation update_project(project, user, default_branch: 'feature') end + let_it_be(:event_type) { Projects::UpdateService::DEFAULT_BRANCH_CHANGE_AUDIT_TYPE } + let(:attributes) do audit_event_params.tap do |param| - param[:details][:custom_message] = "Default branch changed from master to feature" - # Default branch change event still uses legacy AuditEventService instead of Gitlab::Audit::Auditor. - # The following attributes exist once we switched to Gitlab::Audit::Auditor. - param[:details].delete(:author_class) + param[:details].merge!( + from: project.previous_default_branch, + to: project.default_branch, + custom_message: format(Projects::UpdateService::DEFAULT_BRANCH_CHANGE_AUDIT_MESSAGE, project.previous_default_branch, project.default_branch) + ) end end end diff --git a/ee/spec/support/helpers/saas_registration_helpers.rb b/ee/spec/support/helpers/saas_registration_helpers.rb index 4d87897d2b4eaa85a26c9e3332c53a051e839b49..8d27dc8ab700910c15b3e114c914d26a9b45fb85 100644 --- a/ee/spec/support/helpers/saas_registration_helpers.rb +++ b/ee/spec/support/helpers/saas_registration_helpers.rb @@ -104,7 +104,7 @@ def fills_in_group_and_project_creation_form # The groups_and_projects_controller (on `click_on 'Create project'`) is over # the query limit threshold, so we have to adjust it. # https://gitlab.com/gitlab-org/gitlab/-/issues/404805 - allow(Gitlab::QueryLimiting::Transaction).to receive(:threshold).and_return(157) + allow(Gitlab::QueryLimiting::Transaction).to receive(:threshold).and_return(160) fill_in 'group_name', with: 'Test Group' fill_in 'blank_project_name', with: 'Test Project'
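Review bot: In update_service_spec.rb the expected `custom_message` is now built with `format(Projects::UpdateService::DEFAULT_BRANCH_CHANGE_AUDIT_MESSAGE, ...)`, the same constant and call the service uses, so the spec no longer pins the text of the audit message. A change to the constant's wording would pass unnoticed, even though stored and streamed audit messages are often matched by downstream tooling. Keeping the literal from the removed line, `custom_message: "Default branch changed from master to feature"`, restores that check. Assuming the fixture still starts on `master`, `from:` and `to:` could be pinned as `'master'` and `'feature'` in the same way. The surrounding context block starts outside the hunk.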