Microsoft has published a new guide on Windows’ security events. It’s a 700+ page doc!
Windows 10 Security Auditing and Monitoring Reference V1
You can record and store security audit events for Windows 10 to track key system and network activities, monitor potentially harmful behaviors, and mitigate risks. You control the amount of data you collect by controlling the categories of security events you audit, for example, changes to user account and resource permissions, failed attempts to access resources, and attempts to modify system files. The reference in this download can help you decide what to monitor and how to interpret the data you collect.