IBM_SECURITY_CBA_AUDIT_RTE events

This event type identifies the security context-based authorization events, such as device registration.

The following table lists the elements that can be shown in the output of an IBM_SECURITY_CBA_AUDIT_RTE event. All elements are included in the output, unless indicated otherwise.

--> -->
Element Description
creationTime Date and time when the event was issued.

For example: 2013-09-11T19:18:04.140Z

The letter Z in the sample that is shown indicates the UTC format. All time stamps are issued in UTC format. There is no provision for specifying local time.

This element is a container element and has no valid XPath. A valid XPath requires a values declaration. This container element uses the children of the ComponentIdentification element type.

actionInfo Provides information about the management action that is performed on a resource.

This element is a container element and has no valid XPath. A valid XPath requires a values declaration. This container element uses the children of the ComponentIdentification element type.

actionInfo action-id Action that caused this event. Possible actions include:

  • CALCULATE_RISK_SCORE_EVENT
  • DEVICE_DELETION_EVENT
  • DEVICE_REGISTRATION_EVENT
  • JAVASCRIPT_EVENT

XPath: CommonBaseEvent/extendedDataElements /[@name= ’ actionInfo’]/children[@name=’ urn:oasis:names:tc:xacml:1.0:action:action-id’ ]/values

outcome Specifies the outcome of the action for which the security event is generated.

This element is a container element and has no valid XPath. A valid XPath requires a values declaration. This container element uses the children of the ComponentIdentification element type

outcome.failureReason Provides additional information about the outcome.

Included in the output when the result is FAILURE.

XPath: CommonBaseEvent/extendedDataElements /[@name=’outcome’]/children[@name=’failureReason’]/values

outcome result Specifies the overall status of the event that is commonly used for filtering. The following values are possible for the status:

  • FAILURE
  • SUCCESSFUL

XPath: CommonBaseEvent/extendedDataElements /[@name=’outcome’]/children[@name=’result’]/values

userInfoList Provides information about the user who accesses the resource.

This element is a container element and has no valid XPath. A valid XPath requires a values declaration. This container element uses the children of the ComponentIdentification element type.

userInfoList appUserName Name of the user.

XPath: CommonBaseEvent/extendedDataElements /[@name=’userInfoList’]/children[@name=’appUserName’]/values

extensionName Name of the event class that this event represents. The name indicates any additional elements that are expected to be present within the event. The value for context-based authorization runtime events is IBM_SECURITY_CBA_AUDIT_RTE.

This element is a container element and has no valid XPath. A valid XPath requires a values declaration. This container element uses the children of the ComponentIdentification element type.

globalInstanceId Primary identifier for the event. This property must be globally unique and can be used as the primary key for the event.

For example: f0c93637-ada2-4afb-9687-47a7ec1fa3a7

This element is a container element and has no valid XPath. A valid XPath requires a values declaration. This container element uses the children of the ComponentIdentification element type.

msg Specifies additional information when the outcome is SUCCESSFUL.

This element is a container element and has no valid XPath. A valid XPath requires a values declaration. This container element uses the children of the ComponentIdentification element type.

Parent topic: Audit Advanced Access Control