function ShowVerboseSecurity {
    $msg  = @"
Account Logon
  - Credential Validation $m_credential_validation
    - Volume: ``Depends on NTLM usage. Could be high on DCs and low on clients and servers.``
    - Default settings: ``Client OS: No Auditing`` | ``Server OS: Success``
    - Recommended settings: ``Client and Server OSes: Success and Failure``
  - Kerberos Authentication Service $m_kerberos_authentication_service
    - Volume: ``High``
    - Default settings: ``Client OS: No Auditing`` | ``Server OS: Success``
    - Recommended settings: ``Client OS: No Auditing`` | ``Server OS: Success and Failure``
  - Kerberos Service Ticket Operations $m_kerberos_sevice_ticket_operations
    - Volume: ``High``
    - Default settings: ``Client OS: No Auditing`` | ``Server OS: Success``
    - Recommended settings: ``Domain Controllers: Success and Failure``
Account Management
  - Computer Account Management $m_computer_account_management
    - Volume: ``Low``
    - Default settings: ``Client OS: No Auditing`` | ``Server OS: Success Only``
    - Recommended settings: ``Domain Controllers: Success and Failure``
  - Other Account Management Events $m_other_account_management
    - Volume: ``Low``
    - Default settings: ``No Auditing``
    - Recommended settings: ``Success and Failure``
  - Security Group Management $m_security_group_management
    - Volume: ``Low``
    - Default settings: ``Success``
    - Recommended settings: ``Success and Failure``
  - User Account Management $m_user_account_management
    - Volume: ``Low``
    - Default settings: ``Success``
    - Recommended settings: ``Success and Failure``
Detailed Tracking
  - Plug and Play Events $m_plug_and_play_events
    - Volume: ``Typcially low``
    - Default settings: ``No Auditing``
    - Recommended settings: ``Success and Failure``
  - Process Creation $m_process_creation
    - Volume: ``High``
    - Default settings: ``No Auditing``
    - Recommended settings: ``Success and Failure`` if sysmon is not configured.
  - Process Termination $m_process_termination
    - Volume: ``High``
    - Default settings: ``No Auditing``
    - Recommended settings: ``No Auditing`` unless you want to track the lifespan of processes.
  - RPC (Remote Procedure Call) Events $m_rpc_events
    - Volume: ``High on RPC servers`` (According to Microsoft)
    - Default settings: ``No Auditing``
    - Recommended settings: ``Unknown. Needs testing.``
  - Token Right Adjusted Events $m_token_right_adjusted_events
    - Volume: ``Unknown``
    - Default settings: ``No Auditing``
    - Recommended settings: ``Unknown. Needs testing.``
DS (Directory Service) Access
  - Directory Service Access $m_directory_service_access
    - Volume: ``High``
    - Default settings: ``Client OS: No Auditing`` | ``Server OS: Success``
    - Recommended settings: ``Client OS: No Auditing`` | ``ADDS Server: Success and Failure``
  - Directory Service Changes
    - Volume: ``High``
    - Default settings: ``No Auditing``
    - Recommended settings: ``Client OS: No Auditing`` | ``ADDS Server: Success and Failure``
Logon/Logoff
  - Account Lockout $m_account_lockout
    - Volume: ``Low``
    - Default settings: ``Success``
    - Recommended settings: ``Success and Failure``
  - Group Membership
    - Volume: Adds an extra ``4627`` event to every logon.
    - Default settings: ``No Auditing``
    - Recommended settings: ``No Auditing``
  - Logoff $m_logoff
    - Volume: ``High``
    - Default settings: ``Success``
    - Recommended settings: ``Success``
  - Logon $m_logon
    - Volume: ``Low on clients, medium on DCs or network servers``
    - Default settings: ``Client OS: Success`` | ``Server OS: Success and Failure``
    - Recommended settings: ``Success and Failure``
  - Other Logon/Logoff Events $m_other_logon_logoff_events
    - Volume: ``Low``
    - Default settings: ``No Auditing``
    - Recommended settings: ``Success and Failure``
  - Special Logon $m_special_logon
    - Volume: ``Low on clients. Medium on DC or network servers.``
    - Default settings: ``Success``
    - Recommended settings: ``Success and Failure``
Object Access
  - Certification Services $m_certification_services
    - Volume: ``Low to medium``
    - Default settings: ``No Auditing``
    - Recommended settings: ``Success and Failure`` for AD CS role servers.
  - Detailed File Share $m_detailed_file_share
    - Volume: ``Very high for file servers and DCs, however, may be necessary if you want to track who is accessing what files as well as detect various lateral movement.``
    - Default settings: ``No Auditing``
    - Recommended settings: ``No Auditing`` due to the high noise level. Enable if you can though.
  - File Share $m_file_share
    - Volume: ``High for file servers and DCs.``
    - Default settings: ``No Auditing``
    - Recommended settings: ``Success and Failure``
  - File System $m_file_system
    - Volume: ``Depends on SACL rules``
    - Default settings: ``No Auditing``
    - Recommended settings: ``Enable SACLs just for sensitive files``
  - Filtering Platform Connection $m_filtering_platform_connection
    - Volume: ``High``
    - Default settings: ``No Auditing``
    - Recommended settings: ``Success and Failure`` if you have enough space and are not monitoring network connections with sysmon. This should cause a high amount of events though.
  - Filtering Platform Packet Drop $m_filtering_platform_packet_drop
    - Volume: ``High``
    - Default settings: ``No Auditing``
    - Recommended settings: ``Success and Failure`` if you have enough space and are not monitoring network connections with sysmon. This should cause a high amount of events though.
  - Kernel Object $m_kernel_object
    - Volume: ``High if auditing access of global object access is enabled``
    - Default settings: ``No Auditing``
    - Recommended settings: ``Success and Failure`` but do not enable ``Audit the access of global system objects`` as you will generate too many ``4663: Object Access`` events.
  - Handle Manipulation $m_handle_manipulation
    - Volume: ``High``
    - Default settings: ``No Auditing``
    - Recommended settings: ``Success and Failure``
  - Other Object Access Events $m_other_object_access_events
    - Volume: ``Low``
    - Default settings: ``No Auditing``
    - Recommended settings: ``Success and Failure``
  - Registry $m_registry
    - Volume: ``Depends on SACLs``
    - Default settings: ``No Auditing``
    - Recommended settings: ``Set SACLs for only the registry keys that you want to monitor``
  - Removable Storage $m_removable_storage
    - Volume: ``Depends on how much removable storage is used``
    - Default settings: ``No Auditing``
    - Recommended settings: ``Success and Failure`` if you want to monitor external device usage.
  - SAM $m_sam
    - Volume: ``High volume of events on Domain Controllers``
    - Default settings: ``No Auditing``
    - Recommended settings: ``Success and Failure`` if you can but may cause too high volume of noise so should be tested beforehand.
Policy Change
  - Audit Policy Change $m_audit_policy_change
    - Volume: ``Low``
    - Default settings: ``Success``
    - Recommended settings: ``Success and Failure``
  - Authentication Policy Change $m_authentication_policy_change
    - Volume: ``Low``
    - Default settings: ``Success``
    - Recommended settings: ``Success and Failure``
  - Authorization Policy Change $m_authorization_policy_change
    - Volume: ``Medium to High``
    - Default settings: ``No Auditing``
    - Recommended settings: ``Unknown. Needs testing.``
  - Filtering Platform Policy Change $m_filtering_platform_policy_change
    - Volume: ``Low``
    - Default settings: ``No Auditing``
    - Recommended settings: ``Unknown, Needs testing.``
  - MPSSVC Rule-Level Policy Change $m_mpssvc_rule_level_policy_change
    - Volume: ``Low``
    - Default settings: ``No Auditing``
    - Recommended settings: ``Unknown. Needs testing.``
  - Other Policy Change Events $m_other_policy_change_events
    - Volume: ``Low``
    - Default settings: ``No Auditing``
    - Recommended settings: ``No Auditing`` (Note: ACSC recommends ``Success and Failure``, however, this results in a lot of noise of ``5447 (A Windows Filtering Platform filter has been changed)`` events being generated.)
Privilege Use
  - Non Sensitive Use Events $m_non_sensitive_use_events
    - Volume: ``Very high``
    - Default settings: ``No Auditing``
    - Recommended settings: ``No Auditing``
  - Sensitive Privilege Use $m_sensitive_privilege_use
    - Volume: ``High``
    - Default settings: ``No Auditing``
    - Recommended settings: ``Success and Failure`` However, this may be too noisy.
System
  - Other System Events $m_other_system_events
    - Volume: ``Low``
    - Default settings: ``Success and Failure``
    - Recommended settings: ``Unknown. Needs testing.``
  - Security State Change $m_security_state_change
    - Volume: ``Low``
    - Default settings: ``Success``
    - Recommended settings: ``Success and Failure``
  - Security System Extension $m_security_system_extension
    - Volume: ``Low, but more on DCs``
    - Default settings: ``No Auditing``
    - Recommended settings: ``Success and Failure``
  - System Integrity $m_system_integrity
    - Volume: ``Low``
    - Default settings: ``Sucess, Failure``
    - Recommended settings: ``Success and Failure``
"@
    Write-Host $msg
}