Context objects for security auditing
Each event has an associated set of information that is available for logging. This information is grouped into specific context objects. The context objects that are available for logging a specific event are specified by the event type. All event types have the sessionContextObj, eventContextObj, accessContextObj, propogationContextObj, processContextObj and registryContextObj objects. This page specifies which additional context objects are available for each event type.
Table 1. Context objects associated with event types
Event Type Additional Context Objects SECURITY_AUTHN authnContextObj, providerContextObj SECURITY_AUTHN_DELEGATION delegationContextObj SECURITY_AUTHN_MAPPING authnMappingContextObj, providerContextObj SECURITY_AUTHZ providerContextObj, policyContextObj SECURITY_ENCRYPTION keyContextObj SECURITY_MGMT_AUDIT mgmtContextObj SECURITY_RESOURCE_ACCESS responseContextObj
For more details on the auditable data that is gather for each of these context objects, see the information for context object fields.
Enable the security auditing subsystem
Create security auditing event type filters
Context object fields