so what is it that you guys are using for auditing and reporting?
things like when a switch or firewall config gets changed
or when a user fails 10 consecutive logins.
or when the process that emails the boss about the 10 failed logins fails to trigger.
stuff like that
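The two checks the question describes, a streak of failed logins and a watchdog on the alerting process itself, as an added example that is not part of the original post. It assumes OpenSSH-style "Failed password" / "Accepted password" messages behind an ISO timestamp and hostname (the log lines below are constructed), and that the mailer records a heartbeat timestamp every time it runs so a separate job can notice when it has gone quiet:

```python
"""Consecutive-failed-login detector plus a dead-man's check on the alerter.

Added example; not from the original thread. Log lines are constructed
OpenSSH-style messages prefixed with an ISO timestamp and a hostname.
"""
import re
from datetime import datetime, timedelta

FAIL_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>[\d.]+)"
)
OK_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: Accepted \S+ for "
    r"(?P<user>\S+) from (?P<src>[\d.]+)"
)

# Constructed sample: alice fails 3 times then succeeds (streak reset);
# bob fails 12 times in a row with no success in between.
SAMPLE_LINES = (
    ["2024-03-01T10:00:%02d fw1 sshd[411]: Failed password for alice from 10.0.0.5" % s
     for s in range(1, 4)]
    + ["2024-03-01T10:00:05 fw1 sshd[411]: Accepted password for alice from 10.0.0.5"]
    + ["2024-03-01T10:01:%02d fw1 sshd[412]: Failed password for invalid user bob from 10.0.0.9" % s
       for s in range(0, 12)]
)


def consecutive_failures(lines, threshold=10):
    """Return one alert per (host, user) streak that reaches `threshold`.

    A streak is a run of failures with no intervening success for the same
    host/user; a success resets it. Failures past the threshold do not
    re-alert until a success starts a new streak, so one brute-force run
    produces one email rather than hundreds.
    """
    streak = {}
    alerts = []
    for line in lines:
        m = FAIL_RE.match(line)
        if m:
            key = (m["host"], m["user"])
            streak[key] = streak.get(key, 0) + 1
            if streak[key] == threshold:
                alerts.append({"host": m["host"], "user": m["user"],
                               "src": m["src"], "ts": m["ts"]})
            continue
        m = OK_RE.match(line)
        if m:
            streak.pop((m["host"], m["user"]), None)
    return alerts


def alerter_status(last_heartbeat, now, max_age=timedelta(minutes=5)):
    """Dead-man's check on the mailer.

    The mailer is expected to record a heartbeat every run, whether or not
    it had anything to send. This function runs from a separate scheduler;
    if the heartbeat is missing or older than `max_age`, the mailer itself
    has stopped and someone needs to be told by another channel.
    """
    if last_heartbeat is None or now - last_heartbeat > max_age:
        return "ESCALATE: alert pipeline silent since %s" % last_heartbeat
    return "OK"


if __name__ == "__main__":
    for a in consecutive_failures(SAMPLE_LINES):
        print("ALERT %(user)s@%(host)s from %(src)s at %(ts)s" % a)
    print(alerter_status(datetime(2024, 3, 1, 10, 0), datetime(2024, 3, 1, 10, 10)))
```

The watchdog has to live outside the process it watches (cron, a second host, or the monitoring system) and notify by a different path than the mailer, otherwise a dead SMTP relay silences both.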
We are currently using SolarWinds Orion modules for many of these auditing and alerting requirements.
Firewall config tracking: Tufin is amazing. Get your hands on that.
For config changes we use RANCID. Get an email with a diff of all changes. We have it running on a schedule, and also have a small script that triggers whenever a syslog message is received for entering config mode that forces a check of that specific device.
For any security stuff like failed logins we have a SOC that alerts us. They will catch our RANCID user when we forget to update the password in time, so I know they see it. How they do it I have no clue. I know a lot of people are really big on Splunk now, but it isn't cheap or easy to set up.
-Otanx
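One way to build the syslog-triggered RANCID run Otanx describes, as an added example rather than their script. Everything below is an assumption not stated in the post: the syslog receiver writes lines as "<ISO timestamp> <hostname> <message>" (rsyslog's high-precision template does this), config-mode activity shows up as the Cisco IOS %SYS-5-CONFIG_I message, the hostname in syslog is the device name in RANCID's router.db, and the RANCID group is called "networking". The only RANCID fact relied on is rancid-run's -r option, which runs the collection for a single device; the syslog lines are constructed:

```python
"""Syslog-triggered on-demand RANCID run (added example, not Otanx's script).

Assumptions: syslog lines look like "<ISO timestamp> <hostname> <message>";
config changes appear as IOS %SYS-5-CONFIG_I; the syslog hostname equals the
router.db device name; the RANCID group is "networking".
"""
import re
import shutil
import subprocess
from datetime import datetime, timedelta

RANCID_GROUP = "networking"  # assumption: the RANCID group these devices live in

# %SYS-5-CONFIG_I is logged by IOS when someone leaves configuration mode.
# The hostname character class is deliberately narrow: it ends up in argv.
CONFIG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT[\d:]+) (?P<host>[A-Za-z0-9._-]+) .*"
    r"%SYS-5-CONFIG_I: Configured from (?P<where>\S+) by (?P<user>\S+)"
)

# Constructed sample syslog, not captured from real devices.
SAMPLE_SYSLOG = [
    "2024-03-01T10:00:01 core-sw1 1234: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.0.0.5)",
    "2024-03-01T10:00:02 core-sw1 1235: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/1, changed state to up",
    "2024-03-01T10:00:40 core-sw1 1236: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.0.0.5)",
    "2024-03-01T10:01:00 edge-fw1 77: %SYS-5-CONFIG_I: Configured from console by netops on vty2 (10.0.0.7)",
    "2024-03-01T10:03:10 core-sw1 1237: %SYS-5-CONFIG_I: Configured from console by bob on vty1 (10.0.0.6)",
    "2024-03-01T10:03:11 rogue-box 1: %SYS-5-CONFIG_I: Configured from console by x on vty0 (10.9.9.9)",
]


def parse_config_events(lines):
    """Yield (timestamp, host, user) for every config-change message."""
    for line in lines:
        m = CONFIG_RE.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), m["host"], m["user"]


def plan_runs(events, known_devices=None, cooldown=timedelta(minutes=2)):
    """Turn config events into rancid-run argv lists.

    One run per device per `cooldown` window, so a multi-step change does
    not trigger a collection on every exit from config mode; the scheduled
    run still picks up anything the cooldown skipped. If `known_devices`
    (the router.db names) is given, hosts not in it are ignored, so a
    spoofed syslog line cannot make this run against an arbitrary name.
    """
    last_run = {}
    plan = []
    for ts, host, user in sorted(events):
        if known_devices is not None and host not in known_devices:
            continue
        prev = last_run.get(host)
        if prev is not None and ts - prev < cooldown:
            continue
        last_run[host] = ts
        plan.append(["rancid-run", "-r", host, RANCID_GROUP])
    return plan


def run_plan(plan, runner=subprocess.run):
    """Execute each command as an argv list (never through a shell)."""
    return [runner(cmd, check=False).returncode for cmd in plan]


if __name__ == "__main__":
    cmds = plan_runs(parse_config_events(SAMPLE_SYSLOG),
                     known_devices={"core-sw1", "edge-fw1"})
    for cmd in cmds:
        print(" ".join(cmd))
    if shutil.which("rancid-run"):
        run_plan(cmds)
```

In practice this sits behind the syslog daemon (rsyslog's omprog, or a tail of the network log file) and reads one line at a time; the batch form above is the same logic made testable. Feeding the hostname straight from an untrusted UDP syslog stream into a command is the one thing to be careful about, which is why the name is both pattern-restricted and checked against the device list before anything is executed.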