As the methods that attackers use to compromise credentials and data continue to evolve, it is increasingly important to monitor critical systems such as Active Directory (AD) for signs of malicious activities. Most customers turn to security information and event management (SIEM) products to provide this monitoring. While these solutions may be extremely powerful, they ultimately depend on the Windows event logs that are populated by Active Directory. Event logs can be very complicated to work with, and ultimately do not provide the information needed to monitor several key attack vectors within AD. By relying on event logs, customers face several challenges which prevent them from truly securing their organization. This paper explores five of those challenges.