The Security Monitoring and Attack Detection Planning Guide is a practical support document for business and information technology professionals who are working to develop systems to monitor security on a network and to detect intruders. Its primary goals and objectives are to:

• Introduce the concepts of security monitoring and attack detection.
• List applications that can provide event log correlation.
• Describe best practice activities and processes for developing a security monitoring and attack detection system.
• Identify business, technical, and security issues for:
  • Detecting policy violations
  • Detecting external attacks
  • Implementing forensic analysis
• Design a security monitoring and attack detection solution that can identify when attacks on the network take place.
• Provide the ability to implement data retention for Forensic Analysis.

Go get it @ http://www.microsoft.com/en-us/download/details.aspx?id=21832.