Microsoft has published a new blog post entitled Hunting for reconnaissance activities using LDAP search filters in which they describe a new mechanism for getting better information about the searches being processed, offer guidelines for identifying suspicious filters, and provide some examples of such filters.