Audit events for the connection
The connection to IBM Cloud Identity Connect has two audit events.
The audit events are generated on both success and failure cases.
Audit Event Scenario IBMCI_CONNECT_EVENT Generated when the administrator connects the IBM Security Verify Access deployment to Cloud Identity Connect, and also when the connection is updated. IBMCI_DISCONNECT_EVENT Generated when the administrator disconnects IBM Security Verify Access from Cloud Identity Connect.
We can use the typical IBM Security Verify Access methods to configure auditing. From the LMI, select Monitor > Logs > Audit Configuration and enable syslog. Enable audit logs and verbose audit events.
To view the log files, select Monitor > Logs > Application Log Files. Under Tree View, expand Federation and Auditing to access the file audit.log.
IBMCI_CONNECT_EVENT
<CommonBaseEvent creationTime="2017-03-22T02:54:34.707Z" extensionName="IBM_SECURITY_CBA_AUDIT_MGMT" globalInstanceId="9a95072a-7e7f-4052-8a12-87c5ee15f7aa" version="1.0.1"><sourceComponentId component="Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" componentIdType="ProductName" location="isam.myidp.ibm.com" locationType="FQHostname"/><reporterComponentId application="IBM Security Verify Access" component="Context-Based Authorization" componentIdType="ProductName" location="isam.myidp.ibm.com" locationType="FQHostname" componentType="http://www.ibm.com/namespaces/autonomic/Tivoli_componentTypes"/><extendedDataElements name="AUDIT_SCHEMA_VERSION" type="string"><values>1.2</values></extendedDataElements><extendedDataElements name="actionInfo" type="noValue"><children name="urn:oasis:names:tc:xacml:1.0:action:action-id" type="string"><values>IBMCI_CONNECT_EVENT</values></children></extendedDataElements><extendedDataElements name="outcome" type="noValue"><children name="result" type="string"><values>SUCCESSFUL</values></children></extendedDataElements><extendedDataElements name="userInfoList" type="noValue"><children name="appUserName" type="string"><values>admin</values></children></extendedDataElements><extendedDataElements name="resourceInfo" type="protectedResource"><children name="RESTInvocationURI" type="string"><values>/iam/access/v8/apollo/connect/import/8965697a-8597-4c65-b90a-e023652bd9e3 </values></children></extendedDataElements></CommonBaseEvent>
IBMCI_DISCONNECT_EVENT
<CommonBaseEvent creationTime="2017-03-22T02:55:39.561Z" extensionName="IBM_SECURITY_CBA_AUDIT_MGMT" globalInstanceId="fc66988e-4bdd-41ec-81d2-a071b1d63902" version="1.0.1"><sourceComponentId component="Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" componentIdType="ProductName" location="isam.myidp.ibm.com" locationType="FQHostname"/><reporterComponentId application="IBM Security Verify Access" component="Context-Based Authorization" componentIdType="ProductName" location="isam.myidp.ibm.com" locationType="FQHostname" componentType="http://www.ibm.com/namespaces/autonomic/Tivoli_componentTypes"/><extendedDataElements name="AUDIT_SCHEMA_VERSION" type="string"><values>1.2</values></extendedDataElements><extendedDataElements name="actionInfo" type="noValue"><children name="urn:oasis:names:tc:xacml:1.0:action:action-id" type="string"><values>IBMCI_DISCONNECT_EVENT</values></children></extendedDataElements><extendedDataElements name="outcome" type="noValue"><children name="result" type="string"><values>SUCCESSFUL</values></children></extendedDataElements><extendedDataElements name="userInfoList" type="noValue"><children name="appUserName" type="string"><values>admin</values></children></extendedDataElements><extendedDataElements name="resourceInfo" type="protectedResource"><children name="RESTInvocationURI" type="string"><values>/iam/access/v8/apollo/disconnect</values></children></extendedDataElements> </CommonBaseEvent>
Parent topic: Connect Verify Access to IBM Security Verify