I have a client that requested
1. the procedures and guidelines on how the review of these audit logs should be conducted
2. the criteria for defining and prioritizing critical audit logs to be reviewed such as the usage of privilege IDs, changes to policies settings / configurations, invalid user login to Windows and Database servers.
But i dont have an idea how to make it since the client is zero knowledge. Need you help and idea.