You can record and store security audit events for Windows 10 and Windows Server 2016 to track key system and network activities, monitor potentially harmful behaviors, and mitigate risks. You control the amount of data you collect by controlling the categories of security events you audit, for example, changes to user account and resource permissions, failed attempts to access resources, and attempts to modify system files. The reference in this download can help you decide what to monitor and how to interpret the data you collect.