All,
Due to recent events, my company wants to expand LEM to notify our team when Advanced Persistent Threats (APTs)/Trojan-Ransom infect our network. Reading the following links gives a good high-level overview:
Handling Cybersecurity Threats
Cybercriminals infiltrate banks! Hundreds of Millions Lost! Lessons for the rest of us
What is an APT?
https://thwack.solarwinds.com/docs/DOC-176021
Cybersecurity – A Practical Approach to Actionable Intelligence
However, I am looking for a more detailed guideline. While I clearly understand each APT/Trojan could operate differently, I am looking for a more granular guideline or whitepaper to set up LEM to notify my group when an APT is on the network. After I installed LEM I watched the following great video posted by Nicole Pauls! Her video really helped. Is there one for setting up LEM to detect APTs? Or, are there other guidelines/white papers on setting up this listed feature of LEM?
Thank you,
T.J.