The following tables provide Audit classification information. This table lists descriptions and examples.
|Startup and Shutdown||Logs reporting on activity pertaining to the starting and stopping of a system, device, application, or other relevant object.|
Logs reporting on activity pertaining to the state or configuration of a system where not related to a Policy.
Logs reporting on activity pertaining to the policy of a network, system, device, or other relevant object. Includes configuration changes related to a Policy.
|Account Created||Logs reporting on activity related to user or system/computer account creation.|
|Logs reporting on the modification of a user or group outside granting/revoking access. No group level or access level changes.|
|Account Deleted||Logs reporting on activity related to user or system/computer account deletion.|
Logs reporting on activity related to granting of access rights and privileges.
Logs reporting on activity related to revocation of access rights and privileges.
Logs reporting successful user and system authentication activity. User or system gaining access through any method of authentication.
Logs reporting failed user and system authentication activity, due to bad credentials or an unauthorized attempt (user not allowed to log in).
Logs reporting successful read, write, or execute access on files, programs, and other relevant objects.
Logs reporting failed read, write, or execute access on files, programs, and other relevant objects. Client Applications, Desktop Applications, Scripts
|Other Audit Success||Logs reporting on successful audited activity not otherwise classifiable.|
|Other Audit Failure||Logs reporting on failed audited activity not otherwise classifiable.|
Logs reporting on audited activity not otherwise classifiable.
Audit Classification Defaults
This table gives Audit Classification defaults for Risk Rating (RR), Event Forwarding, and LogMart Forwarding.
|Classification||Default Risk Rating *||Default Event Forwarding **||Default LogMart Forwarding|
|Startup and Shutdown||0 / 3 (Critical Service)||If RR > 0||If RR > 0|
|Access Granted||3 / 5 if admin privilege granted||Yes||Yes|
|Authentication Success||0 / 1 if privileged user||If RR > 0||Yes|
|Other Audit Success||0||No||No|
|Other Audit Failure||1||Yes||Yes|
* This is the usual Risk Rating assigned to a Common Event associated with this classification. However, Risk Ratings vary by Common Event within the same classification. This value is a general default, not strictly enforced.
** This is the default setting for forwarding the log to the Platform Manager assigned to a Common Event associated with this classification.