This guide has some useful information for the detection and prevention of security-related attacks. Although a couple of years old, its content still holds true. It covers areas such as:
- Policies
- Security monitoring
- Identifying internal attacks
- Event Logs – what to look for
It also includes a useful appendix that lists which Event IDs can be ignored when trying to detect a system violation attempt.