Sub-Requirement 10.2.7
10.2.7 Implement automated audit trails for all system components to reconstruct the following events:
Illustrative Controls and the TIBCO LogLogic Solution
Audit trails related to user creation and deletion of system-level objects, for example, files, folders, registry keys, and others, are critical in the troubleshooting and forensic analysis processes.
To satisfy this requirement, administrators should specify whether to audit successes, audit failures, or not audit the event type at all. Success audits generate an audit entry when a user successfully accesses an object. Failure audits generate an audit entry when a user unsuccessfully attempts to access an object. Administrators should also regularly review audit trails related to object creation and deletion to ensure appropriate access.
Reports and Alerts
Use the following link/reference to see the 10.2.7 reports and alerts: 10.2.7 on page 140.