diff --git a/README.md b/README.md index 3a8c17d..9844eda 100644 --- a/README.md +++ b/README.md @@ -96,8 +96,11 @@ See 'Logging setup' section below for how to configure these logs * Suspicious service creation * Service creation errors * Stopping/starting the Windows Event Log service (potential event log manipulation) +* Mimikatz + * `lsadump::sam` + * `token::elevate` * EMET & Applocker Blocks -* Sensitive Privilege Use (Mimikatz) + ...and more
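Review bot: The new `Mimikatz` bullet and its sub-items `lsadump::sam` and `token::elevate` name the commands but no longer say what the detection is based on, which the removed line `Sensitive Privilege Use (Mimikatz)` did. Suggest noting beside each sub-item which log or audit category the detection relies on, and pointing to the 'Logging setup' section if it needs additional configuration. Also confirm whether sensitive privilege use is still detected in general. If it is, keep that bullet alongside the new ones rather than replacing it.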