Enhancement: Incorporate additional events, and provide guidance on configuring client audit policies
Is your feature request related to a problem? Please describe.
There are additional fields that would be helpful for digital forensics or attacker detection/hunting. Given that the intended audience for LME may be new to the topic of WEF, perhaps it is in the best interest of user success to create/enhance additional events into the WEF collection.
Below are repositories that have been beneficial in my own implementation:
https://github.com/nsacyber/Event-Forwarding-Guidance/tree/master/Events
https://github.com/palantir/windows-event-forwarding/tree/master
Additionally, I recommend providing guidance on configuring workstation audit policies; the setting and removal of audit configuration policies can wipe out the client-side auditing config, so setting it statically with GPO is the best approach to resolving that potential issue. A good breakdown can be found here: https://github.com/palantir/windows-event-forwarding/tree/master/group-policy-objects