From e3cb0142c6212c890a9b5a5d6ba23902febb431d Mon Sep 17 00:00:00 2001 From: Eric Conrad Date: Fri, 3 May 2019 12:21:17 -0300 Subject: [PATCH] Updated detected events --- README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 3a8c17d..9844eda 100644 --- a/README.md +++ b/README.md @@ -96,8 +96,11 @@ See 'Logging setup' section below for how to configure these logs * Suspicious service creation * Service creation errors * Stopping/starting the Windows Event Log service (potential event log manipulation) +* Mimikatz + * `lsadump::sam` + * `token::elevate` * EMET & Applocker Blocks -* Sensitive Privilege Use (Mimikatz) + ...and more
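Review bot: The new `Mimikatz` sub-bullets (`lsadump::sam`, `token::elevate`) drop the detection signal that the removed line `* Sensitive Privilege Use (Mimikatz)` carried, so the list no longer says which logged event these detections depend on. The hunk context points readers to the 'Logging setup' section for configuring the logs, so consider naming the signal beside each sub-bullet, or keeping a `Sensitive Privilege Use` entry if that detection still exists, so readers can tell whether their audit settings cover it. The subject line 'Updated detected events' could also name the two commands being added.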