Monitoring the creation or modification of objects gives you a way to track potential security problems, helps to ensure user accountability, and provides evidence in the event of a security breach.
The most common types of events to be audited are:
Access to objects, such as files and folders.
Management of user accounts and group accounts.
Users logging on to and logging off from the system.
This section contains: