# 📡 Evidence – Monitoring & SIEM Integration

## Purpose
Evidence supporting logging, alerting, and forensic readiness using Wazuh and system-level audit mechanisms.

## Included Artifacts
- Wazuh agent and server logs
- SIEM dashboard screenshots
- Custom alert rules
- Log forwarding rules (if applicable)

## Review Checklist
- [ ] Agent deployment logs available
- [ ] Alerts fire on auth failures, sudo, etc.
- [ ] Central log retention meets policy