Windows Security Monitor - is a specialized analytical use case for SIEM, which is designed for the most popular SIEM systems in the world. Different methodologies including HPE Activate and SOC Prime’s own research were used to create this content. Use Case provides visualization of Microsoft Windows and Active Directory basic security events, performs statistical analysis and profiling of basic security events and detects abnormal deviations from the norm. Use Case monitors security events in the areas of access control, user management, group management and maintenance of systems and services. This case is recommended for use as a basis for monitoring Microsoft Windows security and Active Directory.