Is it possible to implement automated audit trails for all system components to reconstruct the events and send them to us in real time?

The expected events are as follows:

  • All security-related events.
  • All individual user accesses to sensitive data.
  • All actions taken by any individual with root or administrative privileges.
  • Access to all audit trails.
  • Invalid logical access attempts.
  • Use of and changes to identification and authentication mechanisms—including but not limited to creation of new accounts and elevation of privileges—and all changes, additions, or deletions to accounts with root or administrative privileges.
  • Initialization, stopping, or pausing of the audit logs.
  • Creation and deletion of system-level objects.

Thanks for asking, and sorry for the late reply. Currently we don’t collect any sensitive data, and we emit events to event hub for most user actions. And we track the log when a system component is altered.