IBM_SECURITY_CBA_AUDIT

IBM_SECURITY_CBA_AUDIT_RTE events

This event type identifies the security context-based authorization events, such as device registration.
The following table lists the elements that can be shown in the output of an IBM_SECURITY_CBA_AUDIT_RTE event. All elements are included in the output, unless indicated otherwise.
--> -->
Element Description

creationTime Date and time when the event was issued.
For example: 2013-09-11T19:18:04.140Z
The letter Z in the sample that is shown indicates the UTC format. All time stamps are issued in UTC format. There is no provision for specifying local time.
This element is a container element and has no valid XPath. A valid XPath requires a values declaration. This container element uses the children of the ComponentIdentification element type.

actionInfo Provides information about the management action that is performed on a resource.
This element is a container element and has no valid XPath. A valid XPath requires a values declaration. This container element uses the children of the ComponentIdentification element type.

actionInfo action-id Action that caused this event. Possible actions include:

CALCULATE_RISK_SCORE_EVENT
DEVICE_DELETION_EVENT
DEVICE_REGISTRATION_EVENT
JAVASCRIPT_EVENT

XPath: CommonBaseEvent/extendedDataElements /[@name= ’ actionInfo’]/children[@name=’ urn:oasis:names:tc:xacml:1.0:action:action-id’ ]/values

outcome Specifies the outcome of the action for which the security event is generated.
This element is a container element and has no valid XPath. A valid XPath requires a values declaration. This container element uses the children of the ComponentIdentification element type

outcome.failureReason Provides additional information about the outcome.
Included in the output when the result is FAILURE.
XPath: CommonBaseEvent/extendedDataElements /[@name=’outcome’]/children[@name=’failureReason’]/values

outcome result Specifies the overall status of the event that is commonly used for filtering. The following values are possible for the status:

FAILURE
SUCCESSFUL
XPath: CommonBaseEvent/extendedDataElements /[@name=’outcome’]/children[@name=’result’]/values

userInfoList Provides information about the user who accesses the resource.
This element is a container element and has no valid XPath. A valid XPath requires a values declaration. This container element uses the children of the ComponentIdentification element type.

userInfoList appUserName Name of the user.
XPath: CommonBaseEvent/extendedDataElements /[@name=’userInfoList’]/children[@name=’appUserName’]/values

extensionName Name of the event class that this event represents. The name indicates any additional elements that are expected to be present within the event. The value for context-based authorization runtime events is IBM_SECURITY_CBA_AUDIT_RTE.
This element is a container element and has no valid XPath. A valid XPath requires a values declaration. This container element uses the children of the ComponentIdentification element type.

globalInstanceId Primary identifier for the event. This property must be globally unique and can be used as the primary key for the event.
For example: f0c93637-ada2-4afb-9687-47a7ec1fa3a7
This element is a container element and has no valid XPath. A valid XPath requires a values declaration. This container element uses the children of the ComponentIdentification element type.

msg Specifies additional information when the outcome is SUCCESSFUL.
This element is a container element and has no valid XPath. A valid XPath requires a values declaration. This container element uses the children of the ComponentIdentification element type.

Parent topic: Audit Advanced Access Control

Element	Description
creationTime	Date and time when the event was issued. For example: 2013-09-11T19:18:04.140Z The letter Z in the sample that is shown indicates the UTC format. All time stamps are issued in UTC format. There is no provision for specifying local time. This element is a container element and has no valid XPath. A valid XPath requires a values declaration. This container element uses the children of the ComponentIdentification element type.
actionInfo	Provides information about the management action that is performed on a resource. This element is a container element and has no valid XPath. A valid XPath requires a values declaration. This container element uses the children of the ComponentIdentification element type.
actionInfo action-id	Action that caused this event. Possible actions include: CALCULATE_RISK_SCORE_EVENT DEVICE_DELETION_EVENT DEVICE_REGISTRATION_EVENT JAVASCRIPT_EVENT XPath: CommonBaseEvent/extendedDataElements /[@name= ’ actionInfo’]/children[@name=’ urn:oasis:names:tc:xacml:1.0:action:action-id’ ]/values
outcome	Specifies the outcome of the action for which the security event is generated. This element is a container element and has no valid XPath. A valid XPath requires a values declaration. This container element uses the children of the ComponentIdentification element type
outcome.failureReason	Provides additional information about the outcome. Included in the output when the result is FAILURE. XPath: CommonBaseEvent/extendedDataElements /[@name=’outcome’]/children[@name=’failureReason’]/values
outcome result	Specifies the overall status of the event that is commonly used for filtering. The following values are possible for the status: FAILURE SUCCESSFUL XPath: CommonBaseEvent/extendedDataElements /[@name=’outcome’]/children[@name=’result’]/values
userInfoList	Provides information about the user who accesses the resource. This element is a container element and has no valid XPath. A valid XPath requires a values declaration. This container element uses the children of the ComponentIdentification element type.
userInfoList appUserName	Name of the user. XPath: CommonBaseEvent/extendedDataElements /[@name=’userInfoList’]/children[@name=’appUserName’]/values
extensionName	Name of the event class that this event represents. The name indicates any additional elements that are expected to be present within the event. The value for context-based authorization runtime events is IBM_SECURITY_CBA_AUDIT_RTE. This element is a container element and has no valid XPath. A valid XPath requires a values declaration. This container element uses the children of the ComponentIdentification element type.
globalInstanceId	Primary identifier for the event. This property must be globally unique and can be used as the primary key for the event. For example: f0c93637-ada2-4afb-9687-47a7ec1fa3a7 This element is a container element and has no valid XPath. A valid XPath requires a values declaration. This container element uses the children of the ComponentIdentification element type.
msg	Specifies additional information when the outcome is SUCCESSFUL. This element is a container element and has no valid XPath. A valid XPath requires a values declaration. This container element uses the children of the ComponentIdentification element type.