Enhanced Auditing
Enhanced Auditing is a shadow table with a system of triggers and tables that can be implemented to track all database table inserts, updates, and deletions. The system captures the name of the user, the type of update, the date and time of the update, and changes to the data in each record. Auditing is done at the record level.
LogRhythm Enhanced Auditing is enabled and supported by default for a particular group of tables that monitor administrative actions in LogRhythm. A setup to collect data from each shadow table to log the audit information directly into the SIEM must be established. Users can create dashboards, reports, and alarms around LogRhythm Administrative actions with the data collected from shadow tables.