Context objects for security auditing


Each event has an associated set of information that is available for logging. This information is grouped into specific context objects. The context objects that are available for logging a specific event are specified by the event type. All event types have the sessionContextObj, eventContextObj, accessContextObj, propogationContextObj, processContextObj and registryContextObj objects. This page specifies which additional context objects are available for each event type.


Table 1. Context objects associated with event types

Event Type Additional Context Objects
SECURITY_AUTHN authnContextObj, providerContextObj
SECURITY_AUTHN_DELEGATION delegationContextObj
SECURITY_AUTHN_MAPPING authnMappingContextObj, providerContextObj
SECURITY_AUTHZ providerContextObj, policyContextObj
SECURITY_ENCRYPTION keyContextObj
SECURITY_MGMT_AUDIT mgmtContextObj
SECURITY_RESOURCE_ACCESS responseContextObj

For more details on the auditable data that is gather for each of these context objects, see the information for context object fields.



 

Related tasks


Enable the security auditing subsystem
Create security auditing event type filters

 

Related


Context object fields