There are many tools out there that can collect and send logs (ahem NXLog) and then there are tools that can ingest these logs, analyze them for threats, alert based on that analysis, and then automate a response.
While these tools are out of the scope of this post, it must be understood that they are only as effective as the log data they receive: a SIEM can’t alert on a logon or process launch that Windows never wrote to the Security log in the first place.
That’s why vendors like Microsoft give administrators tools to enrich log entries.
Microsoft has released a set of baseline security configurations for every domain-joined computer and server, as well as for specific applications.
Check out the Microsoft blog for more information.
For Windows Server 2016, they released a set of baseline security group policy objects that administrators could deploy within their environment.
These objects contain hundreds of recommended security enhancements to workstations and servers to align them with best practices.
Part of these best practices is that the baseline configures the Advanced Audit Policy settings, meaning the Security event log will record detailed entries for specific security events that occur within the environment (logons, process creation, account and group changes, audit policy changes, and so on) instead of the sparse logging a default install gives you.
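Before pointing NXLog at the Security log, it’s worth checking that the baseline actually landed and the audit subcategories you care about are on. The script below is an added example written for this post, not something shipped with the Microsoft baselines; it compares the host’s effective audit policy (from `auditpol /get /category:* /r`, which emits CSV) against a table of expected settings. The table is an illustrative subset I picked to match common baseline recommendations, not the full baseline, so adjust it to the GPO you deployed. The `-Remediate` switch is my own addition for lab boxes.

```powershell
# Added example: verify effective audit policy against expected subcategory settings.
# Assumptions: run elevated on a Windows host; $Expected is an illustrative subset
# of baseline audit settings, not the authoritative list from Microsoft's GPOs.
#Requires -RunAsAdministrator
[CmdletBinding()]
param(
    # Set subcategories locally where they don't match (lab/verification use only;
    # on domain-joined hosts the GPO re-applies its own settings on the next refresh).
    [switch]$Remediate
)

$Expected = @{
    'Credential Validation'     = 'Success and Failure'
    'Logon'                     = 'Success and Failure'
    'Special Logon'             = 'Success'
    'Process Creation'          = 'Success'
    'Audit Policy Change'       = 'Success'
    'Security Group Management' = 'Success'
    'User Account Management'   = 'Success and Failure'
    'Security System Extension' = 'Success'
}

# auditpol /r output columns: Machine Name, Policy Target, Subcategory,
# Subcategory GUID, Inclusion Setting, Exclusion Setting
$Effective = auditpol /get /category:* /r | ConvertFrom-Csv

$Report = foreach ($name in $Expected.Keys) {
    $row    = $Effective | Where-Object { $_.Subcategory -eq $name }
    $actual = if ($row) { $row.'Inclusion Setting' } else { 'Not found' }
    [pscustomobject]@{
        Subcategory = $name
        Expected    = $Expected[$name]
        Actual      = $actual
        Compliant   = ($actual -eq $Expected[$name])
    }
}

$Report | Sort-Object Compliant, Subcategory | Format-Table -AutoSize

if ($Remediate) {
    foreach ($gap in ($Report | Where-Object { -not $_.Compliant })) {
        # Translate the expected wording into auditpol's enable/disable flags.
        $success = if ($gap.Expected -match 'Success') { 'enable' } else { 'disable' }
        $failure = if ($gap.Expected -match 'Failure') { 'enable' } else { 'disable' }
        Write-Host "Setting '$($gap.Subcategory)' to $($gap.Expected)"
        auditpol /set /subcategory:"$($gap.Subcategory)" /success:$success /failure:$failure | Out-Null
    }
}
```

Run it as `.\Check-AuditPolicy.ps1` after a `gpupdate /force` on a baseline-targeted host; anything showing `Compliant: False` means either the GPO didn’t apply (check `gpresult /r`) or a different policy is winning. Two caveats: the baseline also enables the “Force audit policy subcategory settings to override audit policy category settings” option, so the legacy category-level view in `secpol.msc` is not what’s actually in effect, and 4688 process-creation events only carry the command line if the separate “Include command line in process creation events” setting is turned on.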