Security vendors are constantly finding new ways to catch evil. The problem is that there is too much reliance on security products. Some of the most effective detections today use standard logs you already have. This presentation will show you high-fidelity methods of catching evil while minimizing the number of logs necessary to collect. This includes techniques for collecting chatty logs such as DNS, as well as logs you may feel are too high-volume to collect, such as desktop logs. The focus will be on detection techniques that are easy to set up and have low false-positive rates.