over ES , any way to monitor windows account assigned with high privilege.
I only know of EventID 4672 . What all other events could be monitored
this one is common: 4720
https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventID=4720