ElasticSearch Proposal

Navin Chandra edited this page Aug 25, 2024 · 1 revision

1 Discovery Engine

The proposed design uses Elasticsearch to store logs for a period of time (let's assume a week). The discovery engine will query Elasticsearch for aggregated data and recommend policies based on it.

2 Audit logs with KIEM

Another thing we can do is store the audit logs and the KIEM report, then run a query to get all the permissions used by a subject and compare them with the rules already granted to that subject, in order to flag over-privileged subjects.
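
The comparison described above, sketched as an added example that is not part of the original proposal or the project's code. It assumes Kubernetes-style audit event fields (`user.username`, `verb`, `objectRef.resource`) and a hypothetical per-subject rule list standing in for the KIEM report; all subjects, events and rules are constructed.

```python
from collections import defaultdict

CART = "system:serviceaccount:shop:cart"      # constructed subject names
READER = "system:serviceaccount:shop:reader"

def event(user, verb, resource=None):
    """Build a constructed audit event (Kubernetes audit field names assumed)."""
    e = {"user": {"username": user}, "verb": verb}
    if resource:
        e["objectRef"] = {"resource": resource, "namespace": "shop"}
    return e

# Constructed sample of one retention window of audit events.
AUDIT_EVENTS = [event(CART, "get", "configmaps"), event(CART, "list", "configmaps"),
                event(CART, "get", "secrets"), event(CART, "get"),  # no objectRef
                event(READER, "get", "pods"), event(READER, "list", "pods")]

# Constructed granted rules per subject (hypothetical shape for a KIEM report).
GRANTED = {
    CART: [{"verbs": ["get", "list", "watch"], "resources": ["configmaps"]},
           {"verbs": ["*"], "resources": ["secrets"]}],
    READER: [{"verbs": ["get", "list"], "resources": ["pods"]}],
}

def used_permissions(events):
    """Aggregate the (verb, resource) pairs each subject actually exercised."""
    used = defaultdict(set)
    for e in events:
        subject = e.get("user", {}).get("username")
        resource = (e.get("objectRef") or {}).get("resource")
        if subject and resource and e.get("verb"):  # skip non-resource requests
            used[subject].add((e["verb"], resource))
    return used

def covers(rule, verb, resource):
    return (("*" in rule["verbs"] or verb in rule["verbs"]) and
            ("*" in rule["resources"] or resource in rule["resources"]))

def recommend(events, granted):
    """Return, per over-privileged subject, unused grants and wildcard rules to narrow."""
    used, report = used_permissions(events), {}
    for subject, rules in granted.items():
        seen, unused, wildcard = used.get(subject, set()), set(), []
        for rule in rules:
            if "*" in rule["verbs"] or "*" in rule["resources"]:
                hits = sorted(p for p in seen if covers(rule, *p))
                wildcard.append({"rule": rule, "replace_with": hits})
            else:
                pairs = {(v, r) for v in rule["verbs"] for r in rule["resources"]}
                unused |= pairs - seen
        if unused or wildcard:
            report[subject] = {"unused": sorted(unused), "wildcard": wildcard}
    return report
```

A permission exercised less often than the log retention window (a week in the assumption above) will show up as unused, so the output is a review list rather than a set of rules to remove automatically.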