Hi,
I’m implementing the Security Audit Logging, I need validatation on what all events we should audit. Currently I’m auditing the events triggered by user, but we have many events got triggered by system during the flow of these user events like when user try to reset their password after successfully verifying their secret question’s answer then system triggers the change password event for putting temporary random generated password and login success to authenticate user and then user set’s their own password replacing that one.
Like here, there are also other places where system triggers event after the user events.
So here do we need to audit these system events which got triggered after user event ? If yes then we can mark those as triggered by system and audit it.
