Hey guys does anyone have a suggestions on what logs I should audit? I already have these on my list: Firewall, HTTP requests, TSL/SSL certs, DNS requests, Setuid/Setgid system calls, Packets, Outgoing traffic (OpenDLP I think mitigates this), Failed login attempts, Sudo, Failed drivers, Activities requiring resources, Moves files, corrupt files, failed access to files (permission denied), Group member additions, System reboots, Service restarts... If anyone has anymore ideas that would be awesome!