I have a request coming from our risk auditor asking if SEPM has detailed logging on ch administrator anges, such as, someone schedules a change in the coming weekend, the change will update policy X with ABC modification, how will we know that is what he has changed?
It seemed to me that the native SEPM system auditing logs only has minimal information, such as, who logged on and when the person touched policy, other than the minimal information, I do not know find any detailed logs that what he makde the change. my auditor want to know what people planned to change and what he indeed changed.
Does anyone know if those detailed action were recorded somewhere in SEPM or database but not directly in the SEPM logging query? or any idea if I can retrieve the informaiton from other places such as the SQL database and how? I was thinking to use some video captuing program, however, if the change last few hours, then video capture might not be realistic.