The Microsoft Download Center page, The Security Monitoring and Attack Detection Planning Guide, contains the following overview:

The Security Monitoring and Attack Detection Planning Guide is a practical support document for business and information technology professionals who are working to develop systems to monitor security on a network and to detect intruders. Its primary goals and objectives are to:

  • Introduce the concepts of security monitoring and attack detection.
  • List applications that can provide event log correlation.
  • Describe best practice activities and processes for developing a security monitoring and attack detection system.
  • Identify business, technical, and security issues for:
    • Detecting policy violations
    • Detecting external attacks
    • Implementing forensic analysis
  • Design a security monitoring and attack detection solution that can identify when attacks on the network take place.
  • Provide the ability to implement data retention for Forensic Analysis.