Is there a package for EventSentry which includes the events listed in

The National Security Agency (NSA) and the Central Security Service (CSS) published the document "Spotting the Adversary with Windows Event Log Monitoring" which, in section 4, lists a number of events which are recommended to be collected by a log / SIEM monitoring solution.

We have made a downloadable EventSentry package file available for download which includes all events listed in section 4 (with the exception of events targeting Windows XP, those have been omitted).

The event log rules contained in the downloadable package is based on the document published on 2/28/2013.

To import the package follow these steps:

Download and unzip the file
Open the EventSentry Management Console
Right-click the "Packages" container
Select "Import Packages"
Browse to the es_nsa.reg file
Select "Import Now" and wait for the import to complete
Review the various packages starting with "4." and make any necessary customizations, such as assigning different actions.