IBM_SECURITY_ENCRYPTION events

This event is generated whenever data is encrypted. The following table lists the elements that can be shown in the output of an IBM_SECURITY_ENCRYPTION event.

Element	Description
action	The operation being performed, either encryption or decryption.The XPath is: CommonBaseEvent/extendedDataElements [@name='action']/values
keyInfo	The key used to perform the action.The XPath is: CommonBaseEvent/extendedDataElements [@name='keyInfo']/values
msgInfo	Pertinent parts of the SOAP messages.The XPath is: CommonBaseEvent/extendedDataElements [@name='msgInfo']/values

Element

Description

action

The operation being performed, either encryption or decryption.The XPath is:

CommonBaseEvent/extendedDataElements
[@name='action']/values

keyInfo

The key used to perform the action.The XPath is:

CommonBaseEvent/extendedDataElements
[@name='keyInfo']/values

msgInfo

Pertinent parts of the SOAP messages.The XPath is:

CommonBaseEvent/extendedDataElements
[@name='msgInfo']/values

Sample of a IBM_SECURITY_ENCRYPTION event

The following example shows an IBM_SECURITY_ENCRYPTION event:

<CommonBaseEvent 
 creationTime="2006-04-18T18:02:09.824Z" 
 extensionName="IBM_SECURITY_ENCRYPTION" 
 globalInstanceId="CE11DECF0574918190EA65C3F4A1F4E637" 
 sequenceNumber="23" 
 version="1.0.1">
 <extendedDataElements name="keyInfo" type="string">
  <values>DefaultKeyStore_testkey</values>
 </extendedDataElements>
 <extendedDataElements name="action" type="string">
  <values>Encrypt</values>
 </extendedDataElements>
 <extendedDataElements name="outcome" type="noValue">
  <children name="majorStatus" type="int">
   <values>0</values></children>
  <children name="result" type="string">
   <values>SUCCESSFUL</values></children>
 </extendedDataElements>
 <extendedDataElements name="msgInfo" type="string">
  <values>[{urn:oasis:names:tc:SAML:2.0:protocol}Response[0] 
   {http://www.w3.org/2000/09/xmldsig#}Signature[0]]</values>
 </extendedDataElements>
 <extendedDataElements name="userInfo" type="noValue">
  <children name="appUserName" type="string">
   <values>Not Available</values></children>
  <children name="registryUserName" type="string">
   <values>Not Available</values></children>
 </extendedDataElements>
<sourceComponentId 
 application="IBM Security Verify Access" 
 component="Authentication and Federated Identity" 
 componentIdType="ProductName" 
 executionEnvironment="Linux[x86]#2.4.21-4.EL" 
 location="fimtest.myco.com" 
 locationType="FQHostname" 
 subComponent=
"com.tivoli.am.fim.kess.service.jks.worker.impl.KessServiceJksWorkerImpl" 
 threadId="WebContainer : 1" 
 componentType="http://www.ibm.com/namespaces/autonomic/Tivoli_componentTypes"/>
 <situation categoryName="ReportSituation">
   <situationType xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
                  xsi:type="ReportSituation" 
                  reasoningScope="INTERNAL" 
                  reportCatagory="SECURITY"/>
  </situation>
</CommonBaseEvent>

Parent topic: Audit Federation