This guide is designed to help organizations plan a security monitoring and attack detection system based on Windows Security Event logs. It highlights how to interpret the events and which events indicate the possibility that an attack is in progress.