I am trying to automate this laborious task. Can you share if you have any experience using such tools that auditors have no issue with?
A SIEM is capable of log centralisation, normalisation and correlation of events. You should be able to set up rules to alert on single events or combinations of events of interest. It tends to be best to work back from known indicators of attack to source the relevant events, rather than capture all events and try to figure out what all that data might mean.
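As an added illustration (not code from this thread, and not from Splunk, AlienVault or any other product mentioned here), the reply above boils down to three stages: pull raw lines from different sources, map them onto one schema, then run rules over the normalised events. The script below does exactly that over a handful of constructed log lines. The sshd line format is the standard one; the `EventID=4720 Account=... Actor=...` line is a made-up flattened rendering of the Windows "user account created" event, and the three-failures-in-60-seconds threshold is an arbitrary assumption you would tune to your own environment.

```python
"""Toy SIEM pipeline: centralise -> normalise -> correlate -> alert.

Added example, not from the original forum post. All log lines are constructed.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Stage 1: "centralised" raw lines from two different sources (constructed sample data).
RAW_LOGS = [
    "2024-03-01T10:00:01Z sshd[101]: Failed password for admin from 198.51.100.7 port 5001 ssh2",
    "2024-03-01T10:00:04Z sshd[101]: Failed password for admin from 198.51.100.7 port 5002 ssh2",
    "2024-03-01T10:00:07Z sshd[101]: Failed password for admin from 198.51.100.7 port 5003 ssh2",
    "2024-03-01T10:00:09Z sshd[101]: Accepted password for admin from 198.51.100.7 port 5004 ssh2",
    # Assumed flattened form of Windows event 4720 ("a user account was created").
    "2024-03-01T10:05:00Z EventID=4720 Account=svc_backup Actor=admin",
    "2024-03-01T10:06:00Z sshd[101]: Failed password for bob from 203.0.113.9 port 6001 ssh2",
    "2024-03-01T10:06:30Z some-other-daemon: unrelated noise line",
]

SSHD_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)"
)
WINEVT_RE = re.compile(r"^(?P<ts>\S+) EventID=(?P<eid>\d+) Account=(?P<acct>\S+) Actor=(?P<actor>\S+)")


def parse_ts(text):
    """ISO-8601 with trailing Z -> timezone-aware datetime."""
    return datetime.fromisoformat(text.replace("Z", "+00:00"))


def normalise(line):
    """Stage 2: map a raw line onto a common event schema, or None if unparsed."""
    m = SSHD_RE.match(line)
    if m:
        return {
            "ts": parse_ts(m["ts"]),
            "type": "auth",
            "outcome": "success" if m["result"] == "Accepted" else "failure",
            "user": m["user"],
            "src": m["src"],
        }
    m = WINEVT_RE.match(line)
    if m and m["eid"] == "4720":
        return {"ts": parse_ts(m["ts"]), "type": "account_created", "user": m["acct"], "src": m["actor"]}
    return None


def correlate(events, threshold=3, window=timedelta(seconds=60)):
    """Stage 3: one single-event rule and one multi-event rule.

    - account_created: alert on every account-creation event (single event of interest).
    - brute_force_success: alert when a login succeeds after >= `threshold` failures
      for the same (source, user) inside `window` (combination of events).
    """
    alerts = []
    recent_failures = defaultdict(deque)  # (src, user) -> timestamps of recent failures
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["type"] == "account_created":
            alerts.append(("account_created", ev["user"], ev["src"]))
        elif ev["type"] == "auth":
            key = (ev["src"], ev["user"])
            q = recent_failures[key]
            while q and ev["ts"] - q[0] > window:  # drop failures outside the window
                q.popleft()
            if ev["outcome"] == "failure":
                q.append(ev["ts"])
            elif len(q) >= threshold:
                alerts.append(("brute_force_success", ev["user"], ev["src"]))
                q.clear()
    return alerts


def run(lines=RAW_LOGS):
    """End-to-end: normalise every line we understand, then correlate."""
    events = [e for e in (normalise(l) for l in lines) if e is not None]
    return correlate(events)


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

Working back from a known indicator (here, a credential-guessing run that ends in a successful login, and an unexpected account creation) tells you exactly which source events the pipeline must capture, which is the point the reply makes about not ingesting everything first and asking questions later.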
Are these internal or external auditors? The difference: If they are internal, you could sit with them while you are putting together the requirements for such a tool and have their blessings as you move down the path.
I am not sure about others but have found that building an alliance with the IA team has been beneficial and helps when dealing with external audit.
For external auditors, you may wish to ask them what they are looking for. Sometimes it varies depending on the auditor assigned to your firm.
We had good luck with Splunk (but they were very expensive), another tool we used was AlienVault. Both satisfied the audit requirements.
PS: this is NOT an endorsement for either tool, just that we used them. Both had issues and required dedicated staff.
Found this on the net, might help you when doing your requirements: