Hi @achauhan2098,
welcome to the Splunk Community!
First, I suggest adding some other EventCodes to complete your first Windows analysis with the following:
Then, if you have logs from the Domain Controllers, these are very useful for security monitoring:
Event 4727 A Security-enabled Global Group was created
Event 4737 A Security-enabled Global Group was changed
Event 4728 A member was added to a security-enabled Global group
Event 4729 A member was removed from a security-enabled Global group
Event 4730 A Security-enabled Global Group was removed
Event 4754 A Security-enabled Universal Group was created
Event 4755 A Security-enabled Universal Group was changed
Event 4756 A member was added to a security-enabled Universal group
Event 4757 A member was removed from a security-enabled Universal group
Event 4758 A Security-enabled Universal Group was removed
Event 4731 A Security-enabled Local Group was created
Event 4735 A Security-enabled Local Group was changed
Event 4732 A member was added to a security-enabled Domain Local group
Event 4733 A member was removed from a security-enabled Domain Local group
Event 4734 A Security-enabled Domain Local Group was removed
Event 4781 Group Rename
Event 4764 Group Change Type
Event 4720 A user account was created
Event 4724 An attempt was made to reset an account Password
Event 4738 A User account was changed
Event 4725 A user account was disabled
Event 4722 A user account was enabled
Event 4726 A user account was deleted
To have these EventCodes from the Domain Controllers you have to enable them because, by default, they are disabled.
Anyway, the EventCodes you're ingesting are:
So these are some immediate security Use Cases that you can develop:
If you're interested in Security Use Cases, I suggest installing the Splunk Security Essentials App (https://splunkbase.splunk.com/app/3435/), which proposes all the Use Cases possible with your data.
Ciao.
Giuseppe