Greetings.

I am trying to audit all actions performed by the admin user in a domain seperated environment in order to satisfy customer security concerns.

I need to prove out the following use cases:

1. Use case 1: An Admin user in the Top domain adds a user to the company A domain
   1. Log into SNow as an Admin user and add an ITIL user to the company A domain
   2. Review the appropriate logs to ensure that the activity by the Admin user was recorded

1. An Admin user in the Top Domain updates a workflow in the Company A Domain
   1. Log into SNow as an Admin user and modify a Workflow in the Company A domain.
   2. Review the appropriate logs to ensure that the activity by the Admin user was recorded

Now, I do not see this type of information recorded in the system logs.   It does appear as though enabling auditing and enabling the auditing for various tables in the dictionary would be the way to accomplish this; however, it is unclear to me as to which tables to audit and how I may generate reports off of the audit history.

That being said.   I am quite sure that a lot of folks out there have external auditors come in and ask for reports on these types of activites so it is my thought that at least some folks have traveled this road.   In an effort to not re-invent the wheel, I would love to know how you folks solved this issue.

Any thoughts or help would greatly be appreciated.

David