Auditable security events are security events for which audit instrumentation has been added to the security runtime code so that they can be recorded. Event filters are configured to specify which auditable security events are recorded to the audit log files.

Event name | Description |
---|---|
SECURITY_AUTHN | Audits all authentication events |
SECURITY_AUTHN_MAPPING | Audits events that record mapping of credentials where two user identities are involved |
SECURITY_AUTHN_TERMINATE | Audits authentication termination events such as a timeout, terminated session, or user-initiated logging out |
SECURITY_AUTHZ | Audits events related to authorization checks when the system enforces access control policies |
SECURITY_MGMT_AUDIT | Audits events that record operations related to the audit subsystem such as starting audit, stopping audit, turning audit on or off, changing configuration of audit filters or level, archiving audit data, purging audit data, and so on |
SECURITY_RESOURCE_ACCESS | Audits events that record all accesses to a resource. Examples are all accesses to a file, all HTTP requests and responses to a given Web page, and all accesses to a critical database table |
SECURITY_SIGNING | Audits events that record signing, such as signing operations used to validate parts of a SOAP message for Web services |
SECURITY_ENCRYPTION | Audits events that record encryption information, such as encryption for Web services |
SECURITY_AUTHN_DELEGATION | Audits events that record delegation, including identity assertion, RunAs, and low assertion. Used when the client identity is propagated or when delegation involves the use of a special identity. This event type is also used when switching user identities within a given session. |
SECURITY_AUTHN_CREDS_MODIFY | Audits events that record the modification of credentials for a given user identity |