A friend thinks you can answer this question about Audit Log Automation
Your team has logs flowing into Splunk from 80% of in-scope systems. Zero active detection rules are written. SOC 2 auditor says 'logs look fine.' Are you secure?