I'm in the process of identifying checks I'd like to audit on my application servers. Typically these are configured with Chef, so I've thought of building a roadmap based on Chef role validation (e.g. .NET version, TLS version checks). I have also been considering where I want a watchdog on files, like any edit to a web.config except by a certain deployment service.
What registry or file checks would you look for?
How are you creating a roadmap for your implementation?