Good afternoon! I inherited the AD domain infrastructure based on Windows Server 2016. There are over 1000 users in the AD database and a password change policy is configured every 90 days, people may have more than one device. There are very frequent situations when an account begins to be blocked on some device, I found a list of event IDs, I want to understand if I deploy this monitoring system, will I be able to timely receive and see the overall picture from these logs, will the elastic be able to parse them , are there any ready-made templates for this. I want to point out that I’m new here, so please don’t be strict.