Resources for our Active Directory Spotlight about Windows Event Forwarding and the Windows Event Collector. Read the blog post here:
Active Directory Spotlight: Windows Event Forwarding & Windows Event Collector
In this repo you'll find the comparison of audit recommendations that is mentioned in the blog post: Comparison_of_audit_recommendation.xlsx.
Moreover, the described subscriptions are contained in the Subscriptions folder. Please note that these are meant to be starting points for writing custom subscriptions and are not ready for realistic threat hunting.