Commit
Changes:
- Significant whitelisting contributions from @ion-storm, with additions for Windows 10
- New monitoring for Security Center, Firewall, UAC, Windows Defender policy changes by malware
- New SOCKS proxy and Tor port monitoring
- New file type monitoring for macros and more suspicious file types
- Major refactor via targeted sorting and visual tweaks, for easier understanding and maintainability

NOTE: ImageLoaded and ProcessAccess and Pipe events will remain out of scope because they require secondary correlation to be immediately actionable. Please see forked versions if you would like direct Mimikatz monitoring. I will re-review this decision in a week or so. Feel free to reply with your own feedback.