Why Is Auditing Used?
You typically use auditing to perform the following activities:
Enable accountability for actions. These might include actions taken on documents, changes to configuration settings, administrative actions, changes to the security database, or system-wide events.
Deter users or potential intruders from inappropriate actions.
Investigate suspicious activity.
Notify an auditor of the actions of an unauthorized user.
Detect problems with an authorization or access control implementation. For example, you can design audit policies that you expect to never generate an audit record because the data is protected in other ways. However, if these policies generate audit records, then you know the other security controls are not properly implemented.
Address auditing requirements for regulatory compliance.