Audit log events
Following events can be logged as audit events:
- Authentication events (successful or failed login attempt)
- Authorization events (successful or failed attempt to access resources or data)
- System configuration modification
- Create, read, delete, or update resources or data
- Failure of session management
- Changes to user privileges
- Database access (success or failure)
- Network or application firewall, Intrusion Detection System (IDS), or Intrusion Prevention System (IPS) events
- Amount of system use
- System start, shutdown, or reboot events
- Application or system failure events
Following data must not be included in the audit logs:
- Sensitive information
- User credentials
- Passwords
- Bank account details
- Access token
- Authentication token
- File system path or information
- Database query or string
- Encryption or decryption keys