Problem
Consider an automated audit log analysis tool. This tool could be used to distinguish "suspicious activities" from normal user behaviour on a system for some organisations. (This tool could be used for many more purposes as well.)
i. Explain the limitations of the "automated audit log analysis tool" as a security control?
ii. Discuss in detail the pros and cons of the automated audit log analysis tool?