diff --git a/wec-registry-tweaks/README.md b/wec-registry-tweaks/README.md
new file mode 100644
index 0000000..1e7c776
--- /dev/null
+++ b/wec-registry-tweaks/README.md
@@ -0,0 +1,48 @@
+# WEC-Registry-Tweaks
+
+In high volume environments, it may be necessary to increase memory buffers for heavy intake Subscriptions.
+Applying these registry files will increase the buffers available for the Windows event collector, but has the possibility of exhausting system resources.
+Once rebooted, you can look at the [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\[Event-Channel]\{[Provider-Guid]}\Status] entry to determine if the resources were allocated successfully (0) or if the system doesn't have enough resources (1450)
+
+## Contents of Registry Files
+
+```
+[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\[Event-Channel]]
+"Guid"="{[Unique-Guid]}"
+"BufferSize"=dword:00000100
+"FlushTimer"=dword:00000000
+"MaximumBuffers"=dword:00000400
+"MinimumBuffers"=dword:00000000
+"OwningChannel"="[Event-Channel]"
+"Start"=dword:00000001
+
+[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\[Event-Channel]\{[Provider-Guid]}]
+"Enabled"=dword:00000001
+```
+
+### Descriptions
+
+* Guid - Unique Per Subscription
+REG_SZ
+A string that contains a GUID that uniquely identifies the session. This value is required.
+* BufferSize - Default to 256 (256KB)
+REG_DWORD
+The size of each buffer, in kilobytes. Should be less than one megabyte. ETW uses the size of physical memory to calculate this value.
+* FlushTimer - Default to 0
+REG_DWORD
+How often, in seconds, the trace buffers are forcibly flushed. The minimum flush time is 1 second. This forced flush is in addition to the automatic flush that occurs when a buffer is full and when the trace session stops. For the case of a real-time logger, a value of zero (the default value) means that the flush time will be set to 1 second. A real-time logger is when LogFileMode is set to EVENT_TRACE_REAL_TIME_MODE.The default value is 0. By default, buffers are flushed only when they are full.
+* MaximumBuffers - Default to 1024 buffers (Defaults to 256MB Maximum per buffer)
+REG_DWORD
+The maximum number of buffers to allocate. Typically, this value is the minimum number of buffers plus twenty. ETW uses the buffer size and the size of physical memory to calculate this value. This value must be greater than or equal to the value for MinimumBuffers.
+* MinimumBuffers
+REG_DWORD
+The minimum number of buffers to allocate at startup. The minimum number of buffers that you can specify is two buffers per processor. For example, on a single processor computer, the minimum number of buffers is two.
+* Start
+REG_DWORD
+To have the AutoLogger session start the next time the computer is restarted, set this value to 1; otherwise, set this value to 0.
+
+
+
+## Helpful Resources
+* [Microsoft WMI Autologger documentation](https://docs.microsoft.com/en-us/windows/desktop/etw/configuring-and-starting-an-autologger-session)
+* [Windows Event Forwarding into HP/ArchSight at Scale](https://community.softwaregrp.com/dcvta86296/attachments/dcvta86296/arcsight-discussions/24729/1/Protect2015-WindowsEventForwarding.pdf)
diff --git a/wec-registry-tweaks/WEC-Authentication.reg b/wec-registry-tweaks/WEC-Authentication.reg
new file mode 100755
index 0000000..511fde3
Binary files /dev/null and b/wec-registry-tweaks/WEC-Authentication.reg differ
diff --git a/wec-registry-tweaks/WEC-Code-Integrity.reg b/wec-registry-tweaks/WEC-Code-Integrity.reg
new file mode 100755
index 0000000..81a5453
Binary files /dev/null and b/wec-registry-tweaks/WEC-Code-Integrity.reg differ
diff --git a/wec-registry-tweaks/WEC-Powershell.reg b/wec-registry-tweaks/WEC-Powershell.reg
new file mode 100755
index 0000000..ad9d56d
Binary files /dev/null and b/wec-registry-tweaks/WEC-Powershell.reg differ
diff --git a/wec-registry-tweaks/WEC-Process-Execution.reg b/wec-registry-tweaks/WEC-Process-Execution.reg
new file mode 100755
index 0000000..75e9104
Binary files /dev/null and b/wec-registry-tweaks/WEC-Process-Execution.reg differ
diff --git a/wec-registry-tweaks/WEC-Services.reg b/wec-registry-tweaks/WEC-Services.reg
new file mode 100755
index 0000000..59caa35
Binary files /dev/null and b/wec-registry-tweaks/WEC-Services.reg differ
diff --git a/wec-registry-tweaks/WEC-WMI.reg b/wec-registry-tweaks/WEC-WMI.reg
new file mode 100755
index 0000000..7235a48
Binary files /dev/null and b/wec-registry-tweaks/WEC-WMI.reg differ
diff --git a/wec-registry-tweaks/WEC2-Application-Crashes.reg b/wec-registry-tweaks/WEC2-Application-Crashes.reg
new file mode 100755
index 0000000..0ac912d
Binary files /dev/null and b/wec-registry-tweaks/WEC2-Application-Crashes.reg differ
diff --git a/wec-registry-tweaks/WEC2-Applocker.reg b/wec-registry-tweaks/WEC2-Applocker.reg
new file mode 100755
index 0000000..26ff1df
Binary files /dev/null and b/wec-registry-tweaks/WEC2-Applocker.reg differ
diff --git a/wec-registry-tweaks/WEC2-Group-Policy-Errors.reg b/wec-registry-tweaks/WEC2-Group-Policy-Errors.reg
new file mode 100755
index 0000000..de0a03b
Binary files /dev/null and b/wec-registry-tweaks/WEC2-Group-Policy-Errors.reg differ
diff --git a/wec-registry-tweaks/WEC2-Object-Manipulation.reg b/wec-registry-tweaks/WEC2-Object-Manipulation.reg
new file mode 100755
index 0000000..b371289
Binary files /dev/null and b/wec-registry-tweaks/WEC2-Object-Manipulation.reg differ
diff --git a/wec-registry-tweaks/WEC2-Registry.reg b/wec-registry-tweaks/WEC2-Registry.reg
new file mode 100755
index 0000000..fa2ce18
Binary files /dev/null and b/wec-registry-tweaks/WEC2-Registry.reg differ
diff --git a/wec-registry-tweaks/WEC2-Task-Scheduler.reg b/wec-registry-tweaks/WEC2-Task-Scheduler.reg
new file mode 100755
index 0000000..1319daf
Binary files /dev/null and b/wec-registry-tweaks/WEC2-Task-Scheduler.reg differ
diff --git a/wec-registry-tweaks/WEC2-Windows-Defender.reg b/wec-registry-tweaks/WEC2-Windows-Defender.reg
new file mode 100755
index 0000000..529aaff
Binary files /dev/null and b/wec-registry-tweaks/WEC2-Windows-Defender.reg differ
diff --git a/wec-registry-tweaks/WEC3-Account-Management.reg b/wec-registry-tweaks/WEC3-Account-Management.reg
new file mode 100755
index 0000000..40e7ef3
Binary files /dev/null and b/wec-registry-tweaks/WEC3-Account-Management.reg differ
diff --git a/wec-registry-tweaks/WEC3-Drivers.reg b/wec-registry-tweaks/WEC3-Drivers.reg
new file mode 100755
index 0000000..6e3c13b
Binary files /dev/null and b/wec-registry-tweaks/WEC3-Drivers.reg differ
diff --git a/wec-registry-tweaks/WEC3-External-Devices.reg b/wec-registry-tweaks/WEC3-External-Devices.reg
new file mode 100755
index 0000000..650aef0
Binary files /dev/null and b/wec-registry-tweaks/WEC3-External-Devices.reg differ
diff --git a/wec-registry-tweaks/WEC3-Firewall.reg b/wec-registry-tweaks/WEC3-Firewall.reg
new file mode 100755
index 0000000..b863870
Binary files /dev/null and b/wec-registry-tweaks/WEC3-Firewall.reg differ
diff --git a/wec-registry-tweaks/WEC3-Print.reg b/wec-registry-tweaks/WEC3-Print.reg
new file mode 100755
index 0000000..2ca42de
Binary files /dev/null and b/wec-registry-tweaks/WEC3-Print.reg differ
diff --git a/wec-registry-tweaks/WEC3-Smart-Card.reg b/wec-registry-tweaks/WEC3-Smart-Card.reg
new file mode 100755
index 0000000..f5959a3
Binary files /dev/null and b/wec-registry-tweaks/WEC3-Smart-Card.reg differ
diff --git a/wec-registry-tweaks/WEC3-Windows-Diagnostics.reg b/wec-registry-tweaks/WEC3-Windows-Diagnostics.reg
new file mode 100755
index 0000000..f46a6f0
Binary files /dev/null and b/wec-registry-tweaks/WEC3-Windows-Diagnostics.reg differ
diff --git a/wec-registry-tweaks/WEC4-Bits-Client.reg b/wec-registry-tweaks/WEC4-Bits-Client.reg
new file mode 100755
index 0000000..49dfcf9
Binary files /dev/null and b/wec-registry-tweaks/WEC4-Bits-Client.reg differ
diff --git a/wec-registry-tweaks/WEC4-DNS.reg b/wec-registry-tweaks/WEC4-DNS.reg
new file mode 100755
index 0000000..86b03d0
Binary files /dev/null and b/wec-registry-tweaks/WEC4-DNS.reg differ
diff --git a/wec-registry-tweaks/WEC4-Hotpatching-Errors.reg b/wec-registry-tweaks/WEC4-Hotpatching-Errors.reg
new file mode 100755
index 0000000..db5bf0a
Binary files /dev/null and b/wec-registry-tweaks/WEC4-Hotpatching-Errors.reg differ
diff --git a/wec-registry-tweaks/WEC4-Shares.reg b/wec-registry-tweaks/WEC4-Shares.reg
new file mode 100755
index 0000000..34247e0
Binary files /dev/null and b/wec-registry-tweaks/WEC4-Shares.reg differ
diff --git a/wec-registry-tweaks/WEC4-System-Time-Change.reg b/wec-registry-tweaks/WEC4-System-Time-Change.reg
new file mode 100755
index 0000000..d6d664f
Binary files /dev/null and b/wec-registry-tweaks/WEC4-System-Time-Change.reg differ
diff --git a/wec-registry-tweaks/WEC4-Windows-Updates.reg b/wec-registry-tweaks/WEC4-Windows-Updates.reg
new file mode 100755
index 0000000..9591f5a
Binary files /dev/null and b/wec-registry-tweaks/WEC4-Windows-Updates.reg differ
diff --git a/wec-registry-tweaks/WEC4-Wireless.reg b/wec-registry-tweaks/WEC4-Wireless.reg
new file mode 100755
index 0000000..d1a4bbd
Binary files /dev/null and b/wec-registry-tweaks/WEC4-Wireless.reg differ
diff --git a/wec-registry-tweaks/WEC5-Autoruns.reg b/wec-registry-tweaks/WEC5-Autoruns.reg
new file mode 100755
index 0000000..7e9eb3c
Binary files /dev/null and b/wec-registry-tweaks/WEC5-Autoruns.reg differ
diff --git a/wec-registry-tweaks/WEC5-Certificate-Authority.reg b/wec-registry-tweaks/WEC5-Certificate-Authority.reg
new file mode 100755
index 0000000..f7f8007
Binary files /dev/null and b/wec-registry-tweaks/WEC5-Certificate-Authority.reg differ
diff --git a/wec-registry-tweaks/WEC5-Crypto-API.reg b/wec-registry-tweaks/WEC5-Crypto-API.reg
new file mode 100755
index 0000000..f3f0852
Binary files /dev/null and b/wec-registry-tweaks/WEC5-Crypto-API.reg differ
diff --git a/wec-registry-tweaks/WEC5-Log-Deletion-Security.reg b/wec-registry-tweaks/WEC5-Log-Deletion-Security.reg
new file mode 100755
index 0000000..1ef34df
Binary files /dev/null and b/wec-registry-tweaks/WEC5-Log-Deletion-Security.reg differ
diff --git a/wec-registry-tweaks/WEC5-Log-Deletion-System.reg b/wec-registry-tweaks/WEC5-Log-Deletion-System.reg
new file mode 100755
index 0000000..a517207
Binary files /dev/null and b/wec-registry-tweaks/WEC5-Log-Deletion-System.reg differ
diff --git a/wec-registry-tweaks/WEC5-MSI-Packages.reg b/wec-registry-tweaks/WEC5-MSI-Packages.reg
new file mode 100755
index 0000000..bd06c44
Binary files /dev/null and b/wec-registry-tweaks/WEC5-MSI-Packages.reg differ
diff --git a/wec-registry-tweaks/WEC5-Operating-System.reg b/wec-registry-tweaks/WEC5-Operating-System.reg
new file mode 100755
index 0000000..134c533
Binary files /dev/null and b/wec-registry-tweaks/WEC5-Operating-System.reg differ
diff --git a/wec-registry-tweaks/WEC6-ADFS.reg b/wec-registry-tweaks/WEC6-ADFS.reg
new file mode 100755
index 0000000..2418bb9
Binary files /dev/null and b/wec-registry-tweaks/WEC6-ADFS.reg differ
diff --git a/wec-registry-tweaks/WEC6-Device-Guard.reg b/wec-registry-tweaks/WEC6-Device-Guard.reg
new file mode 100755
index 0000000..4a63fe6
Binary files /dev/null and b/wec-registry-tweaks/WEC6-Device-Guard.reg differ
diff --git a/wec-registry-tweaks/WEC6-Duo-Security.reg b/wec-registry-tweaks/WEC6-Duo-Security.reg
new file mode 100755
index 0000000..844332a
Binary files /dev/null and b/wec-registry-tweaks/WEC6-Duo-Security.reg differ
diff --git a/wec-registry-tweaks/WEC6-Exploit-Guard.reg b/wec-registry-tweaks/WEC6-Exploit-Guard.reg
new file mode 100755
index 0000000..4cf7d7c
Binary files /dev/null and b/wec-registry-tweaks/WEC6-Exploit-Guard.reg differ
diff --git a/wec-registry-tweaks/WEC6-Microsoft-Office.reg b/wec-registry-tweaks/WEC6-Microsoft-Office.reg
new file mode 100755
index 0000000..8cf1396
Binary files /dev/null and b/wec-registry-tweaks/WEC6-Microsoft-Office.reg differ
diff --git a/wec-registry-tweaks/WEC6-Software-Restriction-Policies.reg b/wec-registry-tweaks/WEC6-Software-Restriction-Policies.reg
new file mode 100755
index 0000000..05471d0
Binary files /dev/null and b/wec-registry-tweaks/WEC6-Software-Restriction-Policies.reg differ
diff --git a/wec-registry-tweaks/WEC6-Sysmon.reg b/wec-registry-tweaks/WEC6-Sysmon.reg
new file mode 100755
index 0000000..c7e6672
Binary files /dev/null and b/wec-registry-tweaks/WEC6-Sysmon.reg differ
diff --git a/wec-registry-tweaks/WEC7-Active-Directory.reg b/wec-registry-tweaks/WEC7-Active-Directory.reg
new file mode 100755
index 0000000..759a14c
Binary files /dev/null and b/wec-registry-tweaks/WEC7-Active-Directory.reg differ
diff --git a/wec-registry-tweaks/WEC7-Privilege-Use.reg b/wec-registry-tweaks/WEC7-Privilege-Use.reg
new file mode 100755
index 0000000..a2e18bb
Binary files /dev/null and b/wec-registry-tweaks/WEC7-Privilege-Use.reg differ
diff --git a/wec-registry-tweaks/WEC7-Terminal-Services.reg b/wec-registry-tweaks/WEC7-Terminal-Services.reg
new file mode 100755
index 0000000..a62a39f
Binary files /dev/null and b/wec-registry-tweaks/WEC7-Terminal-Services.reg differ