Today, I had some time to read “The Security Monitoring and Attack Detection Planning Guide” by Microsoft.
I have read different documents in the last couple of months aimed at security monitoring of Microsoft endpoints; however, this document is completely up to date and can help organizations understand the requirements they need to monitor and hunt for intruders on their endpoints.
This is not the definitive document on the subject, but it is highly recommended reading if you are into monitoring, threat hunting and forensic analysis.
https://www.microsoft.com/en-us/download/details.aspx?id=21832