SB9: The logs must periodically be reviewed for anomalous behavior, whether the system is managed directly by Harvard or via contract with a third-party service provider for Harvard's use (e.g. IaaS, SaaS).
Use software (e.g. Splunk) to periodically review the server and application logs to see if the system is under attack (e.g., many bad password guesses) and that the users are following documented practices (e.g., not logging as root).