Recommendation for How to Log

In the Windows World Logging is some what complicated but not impossible.

1. Lets start with identifying what we want Start here, Here, and Here (but its up to you/the business what gets turned on) keep in mind that IO ops are a thing and logging everything will slow the system down but dont panic and not log anything the OS can log alot and not slow down to much.

• Word of advise unless your system is super fast leave logging of permission usage and process tracking alone. Consider Sysmon. Want more follow this Link

2. Microsoft Recommendations can be found here

Reference Sites/Good reads on what other think you should log:

• Security minded Monitoring
• Lateral Movement Detection
• Sysmon with Example starting Config