We would like to watch Archer activity in our SIEM using the audit but that raised a couple of questions :
- Is there a documentation more complete than the few lines found in ACP guide ?
- Audit logs are verbose, but it seems difficult to isolate scenarios. for example, how can i watch the adding of a new system administrator ?
Do not think there is much Audit tracing documentation except ones you names for ACP.
For Sysadmin activities, vote here:
Otherwise, whole your requirement might be a whole new enhancement idea.