System audit logs are important and are therefore protected and retained. These logs adhere to the applicable legal and regulatory compliance obligations. If there is a security breach, the system audit logs provide unique user access accountability, which helps detect potentially suspicious network behaviors and file integrity anomalies and supports forensic investigation.

The service continuously collects and monitors environment logs, which are correlated with both public and private threat feeds to detect suspicious and unusual activities. Intrusion detection devices such as honeypots are also used.

Audit logs are centrally stored and retained whenever required. The Information Security Management System (ISMS) tests the audit logs annually, and the VMware Security Operations Center monitors and reviews them continuously.

VMware has an intrusion detection system and other tools that monitor production for any deviations from the baseline configurations and generate notifications.