Update readme.md

Labs/readme.md

@@ -11,16 +11,23 @@
 ### 1. Windows Domain Controller
 - Specs
   - supported OS version
-  -
+  - [Logmira](https://github.com/Blumira/Logmira) (Either reduced or full verbosity is fine)
 
 ### 2. Windows Endpoint
 - Joined to above domain
-- Download and install [Wireshark](https://www.wireshark.org/)
+- Installs
+  - Download and install [Wireshark](https://www.wireshark.org/)
+  - Clone [Domain Password Spray from @dafthack](https://github.com/dafthack/DomainPasswordSpray/blob/master/DomainPasswordSpray.ps1)
+  - Download both usernames.txt and passlist.txt from this github directory
+
 ### 3. Kali Linux
+
 ### 4. Optional - Whatever you need for SIEM?
 In my case you will see in the demos that I'm using a Blumira sensor. This is an Ubuntu box with a docker container that has a [Blumira](https://www.blumira.com) sensor installed on it. Because this isn't a SIEM training, it's difficult to go through a full lab setup of something like ELK or Splunk. 
 
-## Files/Scripts/Commands
+We will cover in all lab demos finding event IDs in windows event viewer, but then also the concept of what they would look like in a SIEM as well. For in person trainings, everyone will be provided with logins to the Blumira platform during the class.
+
+## Scripts/Commands
 
 1. [Domain Password Spray from @dafthack](https://github.com/dafthack/DomainPasswordSpray/blob/master/DomainPasswordSpray.ps1)
    - Right-click, run powershell as admin