Windows Logging
Windows 10 and Windows Server 2016 security auditing and monitoring reference
https://www.microsoft.com/en-us/download/details.aspx?id=52630
Windows security audit events
https://www.microsoft.com/en-us/download/details.aspx?id=50034
All the things in the Windows Security Log
https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/Default.aspx
Very useful logging cheat sheets
https://www.malwarearchaeology.com/cheat-sheets
RDP
https://dfironthemountain.wordpress.com/2019/02/15/rdp-event-log-dfir/
Windows log samples mapped to MITRE ATT&CK
https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES
Den Luzvyk's tweet breaking down security log events
https://twitter.com/duzvik/status/1319215738473820160?s=20
The NSA's recommendation for Windows events to log
https://github.com/nsacyber/Event-Forwarding-Guidance/tree/master/Events
Guide to the weird quirks of the way Windows logs events
https://osdfir.blogspot.com/2021/10/common-misconceptions-about-windows.html
Forward Defense's Windows Event Log Reference
https://www.forwarddefense.com/media/attachments/2021/05/15/windows-event-log-analyst-reference.pdf
Best practice for configuring Windows Audit logging
https://activedirectorypro.com/audit-policy-best-practices/
"It’s Not You! Windows Security Logs Don’t Make Sense", an eye-opening piece by Tareq Alkhatib
https://medium.com/@tareq.alkhatib/its-not-you-windows-security-logs-don-t-make-sense-4e421a0bbd0
How to set up Windows Event Log Forwarder