Re: Is there a place to find recommended or sample filters, rules and reports?

System audit policy

Category/Subcategory Setting

System

  Security System Extension Success and Failure

  System Integrity Success and Failure

  IPsec Driver Success and Failure

  Other System Events Success and Failure

  Security State Change Success and Failure

Logon/Logoff

Logon Success and Failure

Logoff Success and Failure

  Account Lockout Success and Failure

  IPsec Main Mode Success and Failure

  IPsec Quick Mode Success and Failure

  IPsec Extended Mode Success and Failure

  Special Logon Success and Failure

  Other Logon/Logoff Events Success and Failure

  Network Policy Server Success and Failure

Object Access

  File System Failure

Registry Failure

  Kernel Object Failure

SAM Failure

  Certification Services Failure

  Application Generated Failure

  Handle Manipulation Failure

  File Share Failure

  Filtering Platform Packet Drop          Failure

  Filtering Platform Connection           Failure

  Other Object Access Events Failure

  Detailed File Share Failure

Privilege Use

  Sensitive Privilege Use Failure

  Non Sensitive Privilege Use Failure

  Other Privilege Use Events Failure

Detailed Tracking

  Process Termination No Auditing

  DPAPI Activity No Auditing

  RPC Events No Auditing

  Process Creation No Auditing

Policy Change

  Audit Policy Change Success and Failure

  Authentication Policy Change Success and Failure

  Authorization Policy Change Success and Failure

  MPSSVC Rule-Level Policy Change         Success and Failure

  Filtering Platform Policy Change        Success and Failure

  Other Policy Change Events Success and Failure

Account Management

  User Account Management Success and Failure

  Computer Account Management Success and Failure

  Security Group Management Success and Failure

  Distribution Group Management           Success and Failure

  Application Group Management Success and Failure

  Other Account Management Events         Success and Failure

DS Access

  Directory Service Changes Failure

  Directory Service Replication           Failure

  Detailed Directory Service Replication  Failure

  Directory Service Access Failure

Account Logon

  Kerberos Service Ticket Operations      Success and Failure

  Other Account Logon Events Success and Failure

  Kerberos Authentication Service         Success and Failure

    Credential Validation Success and Failure