Question regarding monitoring security via system logs

Issue

Security team would like to know if there are any strings which can be searched in system logs.
Is there a list of strings (or regular expressions) that would help identify security related events that are already being sent to an internal security incident management tool?

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Here are the common uses of Markdown.

Code blocks

~~~
Code surrounded in tildes is easier to read
~~~

Links/URLs

[Red Hat Customer Portal](https://access.redhat.com)