Context objects for security auditing

Context objects for security auditing

Each event has an associated set of information that is available for logging. This information is grouped into specific context objects. The context objects that are available for logging a specific event are specified by the event type. All event types have the sessionContextObj, eventContextObj, accessContextObj, propogationContextObj, processContextObj and registryContextObj objects. This page specifies which additional context objects are available for each event type.

Table 1. Context objects associated with event types

Event Type Additional Context Objects
SECURITY_AUTHN authnContextObj, providerContextObj
SECURITY_AUTHN_DELEGATION delegationContextObj
SECURITY_AUTHN_MAPPING authnMappingContextObj, providerContextObj
SECURITY_AUTHZ providerContextObj, policyContextObj
SECURITY_ENCRYPTION keyContextObj
SECURITY_MGMT_AUDIT mgmtContextObj
SECURITY_RESOURCE_ACCESS responseContextObj

For more details on the auditable data that is gather for each of these context objects, see the information for context object fields.

Related tasks

Enable the security auditing subsystem
Create security auditing event type filters

Related

Context object fields

Event Type	Additional Context Objects
SECURITY_AUTHN	authnContextObj, providerContextObj
SECURITY_AUTHN_DELEGATION	delegationContextObj
SECURITY_AUTHN_MAPPING	authnMappingContextObj, providerContextObj
SECURITY_AUTHZ	providerContextObj, policyContextObj
SECURITY_ENCRYPTION	keyContextObj
SECURITY_MGMT_AUDIT	mgmtContextObj
SECURITY_RESOURCE_ACCESS	responseContextObj