by Spidler
1846 days ago
As with many checklist items, it is a useful technology that, when set up and followed, can be totally awesome. Turning on and adding some "proper" filters on the audit subsystem won us the first spot in a CTF, as the early markers that "something is up" turned out to be excellent. But if all you do with it is pipe it to your log server and ignore it? Well, then it's not really going to help you, and is only a checkbox item. I feel that much of this disparaging of various "checklist" items is crappy half-assed semi-elitism. Checklists are _amazing_ tools for preventing accidents in many industries; everything from surgery to trains and flight uses them with great success. So why can't information security professionals use them without being derided by others in the business? Perhaps the same reason as doctors insisted that hand washing was time consuming and unnecessary, or the financial institutes that insist that oversight and auditing is unnecessary.