IBM QRadar

Recommendation of events to monitor for my Active Directory

  • 1.  Recommendation of events to monitor for my Active Directory

    Posted Tue November 14, 2023 08:12 PM

    Hello! I want to know if you know if there is a standard that has a list of possible security events to monitor for a Windows Active Directory? That is, for example, event security recommendations that we must monitor for an AD according to some manufacturer, some SIEM or some standard. Thanks!



    ------------------------------
    Alejandro Blanco
    ------------------------------


  • 2.  RE: Recommendation of events to monitor for my Active Directory

    Posted Wed November 15, 2023 05:05 AM

    What must be logged and monitored in your case depends on what you see as potential use case, specific risk/threats profile, regulatory requirements etc. (Regulatory requirements might require you to log much more than you would see having immediate value for detection, but would be needed for evidence purposes eventually). 

    I usually recommend starting with CIS; there you can find recommendations with explanations for audit settings - incl. which events are covered by which setting and the reason why this is recommended. 

    You can also have a look at the document Spotting the Adversary with Windows Event Log Monitoring from NSA Information Assurance Directorate. A rather old one, but the main points are still valid. In QRadar, when using the WinCollect protocol for a Windows log source, you can find inclusion filter sets based on NSA recommendations already predefined and available to select.

    QRadar has a lot of rules, searches and reports built-in (or available to be readily installed from AppExchange) to cover many use cases. Many rules are actually disabled by default - as they could generate a lot of "noise", or be similar to other active ones. Using Use Case Manager in QRadar you can find log source type coverage by rules (and vice versa). It also allows you to filter by log source type and check against the MITRE ATT&CK mapping/coverage - which could further help you with streamlining your approach. The extensions available on AppExchange are also organized based on categories and mapping to MITRE tactics - which might further help.

    Note that your use cases do not need to be supported by a rule (e.g. changes to group policy might not be a reason to create an offense, but reporting on and monitoring these occurrences on a daily basis is important).



    ------------------------------
    Dusan VIDOVIC
    ------------------------------
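As an added example (not part of either post), a PowerShell check that compares a domain controller's effective advanced audit policy, as reported by auditpol, with a CIS-style baseline of the subcategories that generate the Active Directory events the answer points to; the subcategory list and required settings below are illustrative assumptions and should be taken from the CIS Benchmark for your Windows Server version. The point of the check is that WinCollect can only forward events the audit policy actually produces.

```powershell
# Illustrative baseline: auditpol subcategory name -> audit setting required for AD monitoring.
# Assumed values for illustration only; take the authoritative list and settings from the
# CIS Benchmark referenced in the thread.
$Baseline = @{
    'Credential Validation'       = 'Success and Failure'
    'User Account Management'     = 'Success and Failure'
    'Security Group Management'   = 'Success'
    'Computer Account Management' = 'Success'
    'Audit Policy Change'         = 'Success'
    'Account Lockout'             = 'Failure'
    'Logon'                       = 'Success and Failure'
    'Special Logon'               = 'Success'
}

function Test-AuditCoverage {
    param([string]$Required, [string]$Effective)
    # The effective setting covers the baseline when every outcome the baseline asks for
    # (Success, Failure or both) is audited; a stricter effective setting still passes.
    foreach ($outcome in 'Success', 'Failure') {
        if ($Required -match $outcome -and $Effective -notmatch $outcome) { return $false }
    }
    return $true
}

function Get-AuditPolicyGaps {
    param([System.Collections.IDictionary]$Baseline)
    # auditpol /r emits CSV with the columns Machine Name, Policy Target, Subcategory,
    # Subcategory GUID, Inclusion Setting, Exclusion Setting; run it from an elevated session.
    $effective = auditpol /get /category:* /r | ConvertFrom-Csv
    foreach ($name in $Baseline.Keys) {
        $row = $effective | Where-Object { $_.Subcategory -eq $name } | Select-Object -First 1
        $current = if ($row) { $row.'Inclusion Setting' } else { 'not found' }
        [pscustomobject]@{
            Subcategory = $name
            Required    = $Baseline[$name]
            Effective   = $current
            Covered     = ($null -ne $row) -and (Test-AuditCoverage -Required $Baseline[$name] -Effective $current)
        }
    }
}

# Report only the subcategories whose effective policy falls short of the baseline.
Get-AuditPolicyGaps -Baseline $Baseline | Where-Object { -not $_.Covered } | Format-Table -AutoSize
```

Running it on each domain controller before onboarding the host into QRadar shows which recommended event sources are silent because the corresponding audit subcategory is not enabled.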