diff --git a/doc/administration/audit_event_streaming/audit_event_types.md b/doc/administration/audit_event_streaming/audit_event_types.md
index a8fa06dbc647793325764cf2607cfcd7e04f9154..14441f1a6d55187854fba63352e4017b2753ed30 100644
--- a/doc/administration/audit_event_streaming/audit_event_types.md
+++ b/doc/administration/audit_event_streaming/audit_event_types.md
@@ -90,6 +90,7 @@ Audit event types are used to [filter streamed audit events](index.md#update-eve
 | [`group_access_token_creation_failed`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/92225) | Event triggered on failing to create a group access token | **{check-circle}** Yes | **{check-circle}** Yes | `subgroup` | [15.2](https://gitlab.com/gitlab-org/gitlab/-/issues/363087) |
 | [`group_access_token_deleted`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/92225) | Event triggered on deleting a group access token | **{check-circle}** Yes | **{check-circle}** Yes | `subgroup` | [15.2](https://gitlab.com/gitlab-org/gitlab/-/issues/363087) |
 | [`group_access_token_deletion_failed`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/92225) | Event triggered on failure to delete a group access token | **{check-circle}** Yes | **{check-circle}** Yes | `subgroup` | [15.2](https://gitlab.com/gitlab-org/gitlab/-/issues/363087) |
+| [`group_created`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/121005) | Event triggered when a group is created. | **{check-circle}** Yes | **{check-circle}** Yes | `groups_and_projects` | [16.3](https://gitlab.com/gitlab-org/gitlab/-/issues/411595) |
 | [`group_deletion_marked`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/116986) | Event triggered when a group is marked for deletion. | **{check-circle}** Yes | **{check-circle}** Yes | `compliance_management` | [15.11](https://gitlab.com/gitlab-org/gitlab/-/issues/374106) |
 | [`group_deploy_token_created`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/93091) | Audit event triggered when a groups deploy token is created | **{check-circle}** Yes | **{check-circle}** Yes | `continuous_delivery` | [15.3](https://gitlab.com/gitlab-org/gitlab/-/issues/363087) |
 | [`group_deploy_token_creation_failed`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/93091) | Audit event triggered when a groups deploy token fails to create | **{check-circle}** Yes | **{check-circle}** Yes | `continuous_delivery` | [15.3](https://gitlab.com/gitlab-org/gitlab/-/issues/363087) |
diff --git a/ee/app/services/ee/groups/create_service.rb b/ee/app/services/ee/groups/create_service.rb
index d8afc782cfb4f77050c34c486975014850a15678..0ad176bbc2faad6d916c7e0ecc1aaa46767ee411 100644
--- a/ee/app/services/ee/groups/create_service.rb
+++ b/ee/app/services/ee/groups/create_service.rb
@@ -5,6 +5,9 @@ module Groups
     module CreateService
       extend ::Gitlab::Utils::Override
 
+      AUDIT_EVENT_TYPE = 'group_created'
+      AUDIT_EVENT_MESSAGE = 'Added group'
+
       override :execute
       def execute
         super.tap do |group|
@@ -44,11 +47,16 @@ def remove_unallowed_params
       end
 
       def log_audit_event
-        ::AuditEventService.new(
-          current_user,
-          group,
-          action: :create
-        ).for_group.security_event
+        audit_context = {
+          name: AUDIT_EVENT_TYPE,
+          author: current_user,
+          scope: group,
+          target: group,
+          message: AUDIT_EVENT_MESSAGE,
+          target_details: group.full_path
+        }
+
+        ::Gitlab::Audit::Auditor.audit(audit_context)
       end
     end
   end
diff --git a/ee/config/audit_events/types/group_created.yml b/ee/config/audit_events/types/group_created.yml
new file mode 100644
index 0000000000000000000000000000000000000000..4e0e82590afd08759f99e951191c7f47f45351f0
--- /dev/null
+++ b/ee/config/audit_events/types/group_created.yml
@@ -0,0 +1,9 @@
+---
+name: group_created
+description: Event triggered when a group is created.
+introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/411595
+introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/121005
+feature_category: groups_and_projects
+milestone: '16.3'
+saved_to_database: true
+streamed: true
diff --git a/ee/spec/services/groups/create_service_spec.rb b/ee/spec/services/groups/create_service_spec.rb
index 6623bf6c3de724ff98bd6fc4b0325343c9409b50..defcc716d8a830c8dd0063f7f780e143d7bc74a9 100644
--- a/ee/spec/services/groups/create_service_spec.rb
+++ b/ee/spec/services/groups/create_service_spec.rb
@@ -14,6 +14,7 @@
 
   context 'audit events' do
     include_examples 'audit event logging' do
+      let_it_be(:event_type) { Groups::CreateService::AUDIT_EVENT_TYPE }
       let(:operation) { create_group(user, group_params) }
       let(:fail_condition!) do
         allow(Gitlab::VisibilityLevel).to receive(:allowed_for?).and_return(false)
@@ -25,11 +26,12 @@
            entity_id: @resource.id,
            entity_type: 'Group',
            details: {
-             add: 'group',
              author_name: user.name,
              target_id: @resource.id,
              target_type: 'Group',
-             target_details: @resource.full_path
+             target_details: @resource.full_path,
+             custom_message: Groups::CreateService::AUDIT_EVENT_MESSAGE,
+             author_class: user.class.name
            }
          }
       end