Workflows

Event Logging Deployment

[Audit current logging configuration] → [Enable Advanced Audit Policy via GPO]
  → [Enable command line logging] → [Increase log sizes]
  → [Configure WEF or agent-based forwarding] → [Verify events in SIEM]
  → [Build detection rules from high-value events] → [Quarterly logging audit]
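
An added example, not part of the original workflow file: a read-only PowerShell check for the "audit current logging configuration" step that also serves as a local pre-check before verifying events in the SIEM. It runs elevated on one Windows host. The size thresholds and the set of logs checked are assumptions for illustration, and the auditpol parsing assumes English output.

```powershell
#Requires -RunAsAdministrator
# Read-only audit of the settings this workflow changes; nothing is modified.
# Assumed thresholds (not from the workflow): adjust to your retention needs.
$minSize = @{ 'Security' = 1GB; 'System' = 256MB; 'Application' = 256MB
              'Microsoft-Windows-PowerShell/Operational' = 256MB }
$results = [System.Collections.Generic.List[object]]::new()
function Add-Result([string]$Check, [bool]$Pass, [string]$Detail) {
    $results.Add([pscustomobject]@{ Check = $Check; Pass = $Pass; Detail = $Detail })
}
function Get-RegValue([string]$Path, [string]$Name) {
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

# Advanced audit policy: Process Creation must be audited or 4688 is never written.
$policy = auditpol /get /category:* /r | Where-Object { $_ } | ConvertFrom-Csv
$proc = $policy | Where-Object Subcategory -eq 'Process Creation'
Add-Result 'Audit Process Creation (Success)' ($proc.'Inclusion Setting' -match 'Success') $proc.'Inclusion Setting'
$off = @($policy | Where-Object 'Inclusion Setting' -eq 'No Auditing').Count
Add-Result 'Subcategories with auditing enabled' ($off -lt @($policy).Count) "$off of $(@($policy).Count) set to No Auditing"

# Command line logging: adds the full command line to event 4688.
$cmd = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit' 'ProcessCreationIncludeCmdLine_Enabled'
Add-Result 'Command line in process creation events' ($cmd -eq 1) "ProcessCreationIncludeCmdLine_Enabled=$cmd"

# Log sizes: small logs in Circular mode overwrite evidence before it is forwarded.
foreach ($name in $minSize.Keys) {
    $log = Get-WinEvent -ListLog $name -ErrorAction SilentlyContinue
    $detail = '{0:N0} MB max, mode {1}' -f ($log.MaximumSizeInBytes / 1MB), $log.LogMode
    Add-Result "Log size: $name" ($log.MaximumSizeInBytes -ge $minSize[$name]) $detail
}

# WEF (source-initiated): GPO writes collector targets under this key and needs WinRM.
# Hosts that forward with an agent would check that agent's service here instead.
$wefKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\EventLog\EventForwarding\SubscriptionManager'
$targets = @()
if (Test-Path $wefKey) { $targets = @((Get-Item $wefKey).Property) }
$winrm = (Get-Service WinRM).Status
Add-Result 'WEF subscription manager configured' ($targets.Count -gt 0 -and $winrm -eq 'Running') "$($targets.Count) target(s), WinRM $winrm"

# Local baseline for SIEM verification: newest 4688 that should also exist downstream.
$last = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688 } -MaxEvents 1 -ErrorAction SilentlyContinue
Add-Result 'Recent 4688 present locally' ($null -ne $last) "latest at $($last.TimeCreated); search the SIEM for it"

$results | Format-Table -AutoSize -Wrap
```

Rows with Pass = False map back to the workflow step that still needs doing on that host; rerunning the same script is a natural fit for the quarterly logging audit.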