Event type filter settings


The Event type filter settings panel is used by an auditor to manage and create event type filters. Default event type filters have been included, this panel allows additional event type filters to be added. Existing event type filters are also managed using this panel.

To view this admin console page, click one of the following paths:

Name

The Name field specifies the unique name of the event type filter.

Enabled

The state of enablement of the filter is defined by the Enable check box. This field is represented as a boolean value. A value of true specifies that the enable field associated with the audit spec in the audit.xml is set to true. It does not imply that all configured event factories and service providers will be using this filter.

Filters still need to be configured for each event factory and service provider. Filters are enabled by default during configuration. However, if a filter has the enabled checkbox set to false, the filter will not gather or report data for the events and outcomes defined in that filter.

Events to associate with an audit filter

The Events to associate with an audit filter field specifies the auditable security events to be associated with this filter.

  • Selectable events:

    The Selectable events list displays the available auditable security events. To enable an event for this filter, select the event from the Selectable event outcomes list and then click Add.

  • Enabled events:

    The Enabled events list displays the audit security events that are currently enabled for this filter. To disable an event for this filter, select the event from the Enabled events list and then click Remove.

Event outcomes to associate with an audit filter

The Event outcomes to associate with an audit filter field specifies the auditable security event outcomes to be associated with this filter.

  • Selectable event outcomes:

    The Selectable event outcomes list displays the available auditable security event outcomes. To enable an event outcome for this filter, select the event outcome from the Selectable event outcomes list and then click Add.

  • Enabled event outcomes:

    The Enabled event outcomes list displays the audit security event outcomes that are currently enabled for this filter. To disable an event outcome for this filter, select the event outcome from the Enabled event outcomes list and then click Remove.





 

Related tasks


Audit the security infrastructure
Create security auditing event type filters

 

Related


Event type filters collection
Security Auditing detail