Which standard logs can be turned off in ES (Ent. Security) to save licensing ? Are there a best practice list I can work with please? This would be for the purpose of SOC team.