I am currently developing my company's list of auditable network security events: things that are monitored and caught through logs and that warrant an administrator's attention. For example, the creation of a new privileged account, a server restart, or an excessive volume of file transfers. Some of these happen in real time; for example, the moment a new privileged account is created, the alert fires and another administrator verifies the validity of the new account. Some happen on a recurring basis; using the same example, I could say that every quarter we review all of the privileged accounts to ensure they are still accurate.
I spent some time searching the internet and surprisingly didn't find anything overly useful. So I come to you - do any of you know of a good repository of the most common events to monitor, so I can bounce my own list off of it?
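As an added illustration (not part of the original question or any answer), here is a small Python detection pass over constructed sample data showing how the two categories above can be expressed in code: real-time alerts raised from individual log lines (privileged account creation, server restart), a volume threshold over a sliding window for file transfers, and a recurring review that lists every current member of a privileged group. The log lines, the `/etc/group` content, the transfer records, the `PRIVILEGED_GROUPS` set and the 1 GB/hour threshold are all assumptions for the example, not real captures or recommended values.

```python
"""Added example: turning raw log data into real-time alerts and a recurring
review list. All sample inputs below are constructed for the example."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed: groups whose membership counts as "privileged". Adjust per environment.
PRIVILEGED_GROUPS = {"sudo", "wheel", "adm"}

# Constructed sample lines in the style of a Linux auth.log; not real captures.
AUTH_LOG = """\
Mar 03 09:12:01 web01 useradd[2211]: new user: name=svc-backup, UID=1007, GID=1007, home=/home/svc-backup, shell=/bin/bash
Mar 03 09:12:05 web01 usermod[2213]: add 'svc-backup' to group 'sudo'
Mar 03 09:30:44 web01 sshd[2300]: Accepted publickey for alice from 10.0.0.5 port 50122 ssh2
Mar 03 11:02:10 web01 systemd[1]: Starting Reboot...
Mar 03 11:04:30 web01 useradd[410]: new user: name=tmp-user, UID=1008, GID=1008, home=/home/tmp-user, shell=/bin/bash
"""

# Constructed sample /etc/group content for the recurring review.
GROUP_FILE = """\
root:x:0:
sudo:x:27:alice,svc-backup
wheel:x:10:bob
users:x:100:alice,bob,carol
"""

# Constructed file-transfer records: (timestamp, user, bytes). In practice these
# would come from an SFTP, proxy or DLP log; the shape here is invented.
TRANSFERS = [
    (datetime(2024, 3, 3, 9, 0), "alice", 200_000_000),
    (datetime(2024, 3, 3, 9, 20), "alice", 300_000_000),
    (datetime(2024, 3, 3, 9, 40), "alice", 600_000_000),
    (datetime(2024, 3, 3, 10, 0), "bob", 50_000_000),
    (datetime(2024, 3, 3, 14, 0), "alice", 900_000_000),
]

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<prog>[\w.-]+)\[\d+\]: (?P<msg>.*)$"
)
GROUP_ADD_RE = re.compile(r"add '(?P<user>[^']+)' to group '(?P<group>[^']+)'")
NEW_USER_RE = re.compile(r"new user: name=(?P<user>[^,]+), UID=(?P<uid>\d+)")


def parse_line(line):
    """Split a syslog-style line into timestamp, host, program and message."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def realtime_alerts(log_text):
    """Events that should notify a second administrator the moment they happen."""
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if not ev:
            continue
        msg = ev["msg"]
        if ev["prog"] == "usermod":
            g = GROUP_ADD_RE.search(msg)
            if g and g["group"] in PRIVILEGED_GROUPS:
                alerts.append(("PRIVILEGED_ACCOUNT_CREATED", ev["host"], g["user"], g["group"]))
        elif ev["prog"] == "useradd":
            u = NEW_USER_RE.search(msg)
            if u and int(u["uid"]) == 0:  # UID 0 is root-equivalent regardless of group
                alerts.append(("PRIVILEGED_ACCOUNT_CREATED", ev["host"], u["user"], "uid0"))
        elif ev["prog"] == "systemd" and "Reboot" in msg:
            alerts.append(("SERVER_RESTART", ev["host"], None, None))
    return alerts


def transfer_volume_alerts(records, threshold_bytes=1_000_000_000, window=timedelta(hours=1)):
    """Flag any user whose transfers inside one sliding window exceed threshold_bytes."""
    flagged = set()
    by_user = defaultdict(list)
    for ts, user, nbytes in sorted(records):
        by_user[user].append((ts, nbytes))
    for user, items in by_user.items():
        for i, (start, _) in enumerate(items):
            total = sum(b for ts, b in items[i:] if ts - start <= window)
            if total > threshold_bytes:
                flagged.add(user)
                break
    return flagged


def privileged_account_review(group_file_text):
    """Recurring check: every member of a privileged group, for an owner to re-approve."""
    review = {}
    for line in group_file_text.splitlines():
        name, _, _, members = line.split(":", 3)
        if name in PRIVILEGED_GROUPS and members:
            review[name] = sorted(members.split(","))
    return review


if __name__ == "__main__":
    for alert in realtime_alerts(AUTH_LOG):
        print("REALTIME", alert)
    print("VOLUME", transfer_volume_alerts(TRANSFERS))
    print("QUARTERLY REVIEW", privileged_account_review(GROUP_FILE))
```

The split mirrors the distinction in the question: `realtime_alerts` fires on single lines, `transfer_volume_alerts` needs aggregation over time before it can say anything, and `privileged_account_review` is not triggered by a log event at all but produces the list a reviewer signs off on each quarter. Note that the ordinary `tmp-user` creation is deliberately not alerted here; whether every new account, or only privileged ones, warrants a real-time notification is a decision for the list itself.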