Channel: THWACK: Message List - Security Event Manager (SEM) - Formerly Log & Event Manager

Re: Filters best practices


I must say Garreth's suggestions are right on point. I could be off base with my thinking, but asking what are some best practices is a little like playing darts blindfolded. You cannot hit your requirements without knowing what they are. With SIEM solutions, the best best practice you can have is to learn to find out what your monitoring requirements are. I am not saying many users on the community do not have specific rules that we implement over and over again, but, like in my case, I support clients primarily within the Federal Government. This means I have a baseline and best practices for monitoring that encompass regulations and compliance in that community. All organizations' infrastructure is different, and they have different policies and regulations that govern them. I am sure this may not be what you wanted to hear. If you are looking for specific Filters, Rules and Reports, it would help to post what your organization's general requirements or pains are and then ask what are some best practices the community uses to meet them.

 

Hope this helps.

