Elastic Agent - Ship Windows logs for SIEM

We are in the process of deploying ELASTIC AGENT on all CLIENT OS , We intend to capture Windows Event logs more focused on Security Events which would be used for our SIEM. Any standard filters that can be applied and events that are unwanted can be ignored? Any standard SIEM thumb rule while capturing windows event logs