I've had some discussion with fellow MVP's and we all feel the audit log could use a big FR for the things we want to see tracked.
On my list I can think of:
- who & when a credential is added or removed
- eg: include module (Credential added to UDT? Credential added to SAM template?)
- also: credential changed for the actual SQL or Netflow DB (backend/admin) + who + timestamp
- who & when a component in a view is edited
- example: when someone hits edit on a component - who & what?
- When a report is modified in any way
- eg: who ?
- was the report description changed?
- custom properties added?
- new schedule added or removed from said report?
- When an alert is modified in any way
- eg: who modified the alert
- was the title changed?
- was the alert criteria changed?
- was a new trigger added?
- was a schedule changed?
- was a node muted?
- every single action a particular account takes
- maybe as a toggle option or with a date option? EG: store every action a newly created user account does for the first 30 days. Or a "turn it on for a month starting now" kind of thing?
I'll add more as I discuss this with jbiggley and probably every single MVP.