Overview[1]#

CategoryEvent NameXDAS IDeDirectory Event TypeDescriptionUsage
Account ManagementCREATE_ACCOUNT0.0.0.0DSE_CREATE_ENTRYCreate a new accountConsider this event as appropriate for any situation wherein an account, as defined above, is to be created.
Account ManagementDELETE_ACCOUNT0.0.0.1DSE_DELETE_ENTRYDelete an existing accountThis event has the opposite semantic meaning of account creation. Use this event wherever such an account, as described above, is to be deleted.
Account ManagementDisable Account0.0.0.2DSE_LOGINDisable an existing accountConsider this event relevant for any situation where a particular record in an identifier database is disabled by an administrator or an automated security process such that it can no longer be used until it is re-enabled
Account ManagementEnable Account0.0.0.3 Enable an existing accountThis is the counterpart event to the disable account event defined above.
Account ManagementQuery Account0.0.0.4DSE_SEARCHQuery an existing accountConsider the Query account events whenever a request for the attribute information of a particular account is made.
Account ManagementModify Account0.0.0.5DSE_MERGE_ENTRIESModify an existing accountConsider the Modify account events whenever a request to change attribute information of a particular account is made.
Account ManagementModify Account Security Token0.0.0.6DSE_CHGPASSModify an existing account security tokenAn account security token may be a password, or any other type of authentication materials associated with a user account. Here, a user account means any type of account by which a user, application, or system service may authenticate, and then act with the rights of that account.
Session ManagementCREATE_SESSION0.0.1.0 Create a new sessionThis event should be reported whenever a new session (as defined above) is created.
Session ManagementTERMINATE_SESSION0.0.1.1 Terminate an existing sessionThis event should be reported whenever an existing session (as defined above) is terminated.
Session ManagementQuery Session0.0.1.2 Query user session attributesThis event should be reported whenever attribute information is requested on an existing session.
Session ManagementModify Session0.0.1.3DSE_CHANGE_CONN_STATEModify user session attributesThis event should be reported whenever attribute information is modified on an existing session.
Data-Resource ManagementCreate Data Item0.0.2.0DSE_CREATE_ENTRYCreate a data itemThis event is reported whenever a security-relevant data item or resource element is created.
Data-Resource ManagementDelete Data Item0.0.2.1DSE_DELETE_ENTRYDelete a data itemThis event is reported whenever a security-relevant data item or resource element is deleted
Data-Resource ManagementQuery Data Item Attribute0.0.2.2DSE_COMPARE_ATTR_VALUEQuery data item attributesThis event is reported whenever a security-relevant data item or resource element is queried – either for value, or for an attribute of the data item.
Data-Resource ManagementModify Data Item Attribute0.0.2.3DSE_DEFINE_ATTR_DEF
DSE_REMOVE_ATTR_DEF
DSE_REMOVE_CLASS_DEF
DSE_DEFINE_CLASS_DEF
DSE_MODIFY_CLASS_DEF
Modify data item attributesThis event is reported whenever a security-relevant data item or resource element is modified – either the value, or an attribute of the data item
Service ManagementInstall Service0.0.3.0DSE_CHANGE_MODULE_STATEInstall a service or applicationThis event is reported when a service or application is installed
Service ManagementRemove Service0.0.3.1DSE_CHANGE_MODULE_STATERemove a service or applicationThis event is reported when a service or application is removed.
Service ManagementQuery Service Configuration0.0.3.2 Query the configuration of a service or applicationThis event is reported when service or application configuration information is requested.
Service ManagementModify Service Configuration0.0.3.3 Modify configuration of a service or applicationThis event is reported when service or application configuration information is modified.
Service ManagementDisable Service0.0.3.4DSE_CLOSE_BINDERYDisable a service or applicationThis event is reported when a service, operation or function is disabled.
Service ManagementEnable Service0.0.3.5DSE_OPEN_BINDERYEnable a service or applicationThis event ise reported when a service, operation or function is enabled.
Service UtilizationInvoke Service0.0.4.0DSE_START_UPDATE_SCHEMAInvoke a service or applicationThis event is reported when a security-relevant service is invoked.
Service UtilizationTerminate Service0.0.4.1DSE_END_UPDATE_SCHEMATerminate a service or applicationThis event is reported when a service is terminated.
Service UtilizationQuery Process Context0.0.4.2 Query a processing contextThis event is reported when any attributes of a process context are queried – this event is somewhat specific to operating systems, but some use can be found in other domain-specific applications.
Service UtilizationModify Process Context0.0.4.3DSE_SERVER_RENAME
DSE_SYNTHETIC_TIME
DSE_SERVER_ADDRESS_CHANGE
Modify processing contextThis event is reported when any attributes of a process context are modified – this event is somewhat specific to operating systems, but some use can be found in other domain-specific applications.
Peer AssociationCreate Peer Association0.0.5.0 Create an association with a peerThis event is reported when a new peer association is created.
Peer AssociationTerminate Peer Association0.0.5.1 Terminate an association with a peerThis event is reported when an existing peer association is destroyed.
Peer AssociationQuery Association Context0.0.5.2 Query an association contextThis event is reported when the attributes of a peer association are queried.
Peer AssociationModify Association Context0.0.5.3 Modify an association contextThis event is reported when the attributes of a peer association are modified.
Peer AssociationReceive Data Via Association0.0.5.4 Receive data via an associationThis event is reported when data is received from a service in an authentication domain specifically via a trust relationship or peer association.
Peer AssociationSend Data Via Association0.0.5.5 Send data via an associationThis event is reported when data is sent to a service in an authentication domain specifically via a trust relationship or peer association.
Resource AccessCreate Data Item Association0.0.6.0 Create association with a data itemThis event is reported when rights are granted by an identity to a specific data item – when a trust relationship is established between an identity and a data item.
Resource AccessTerminate Data Item Association0.0.6.1 Terminate association with a data itemThis event is reported when rights are revoked from an identity to a specific data item – when a trust relationship is revoked between an identity and a data item.
Resource AccessQuery Data Item Association0.0.6.2 Query context of association with a data itemThis event is reported when rights are queried for an identity on a specific data item – when trust relationship attributes are queried for a specific identity and data item.
Resource AccessModify Data Item Association0.0.6.3 Modify context of association with data itemThis event is reported when rights are modified on the previously established relationship between an identity and specific data item.
Resource AccessQuery Data Item Contents0.0.6.4 Query data item contentsThis event is reported when a data item is read on behalf of an identity.
Resource AccessModify Data Item Contents0.0.6.5 Modify data item contentsThis event is reported when a data item is written on behalf of an identity.
Workflow managementGRANT_ACCOUNT_ACCESS0.0.7.0 Initiate a request for PermissionApproval for a Permission item has been requested.
Workflow managementReceive Work Flow Approval0.0.7.1 Receive a work flow approval noticeApproval for a work flow item has been received by appropriate authority.
Workflow managementEscalate Work Flow Request0.0.7.2 A work flow item was escalatedA work flow request has been escalated.
Workflow managementSend Work Flow Notification0.0.7.3 A work flow notification was sentSent a work flow change notification.
Role ManagementCreate Role0.0.8.0 Create a new roleCreates a new role, or an attempt is made to create a new role.
Role ManagementDelete Role0.0.8.1 Delete an existing roleAn existing role is deleted, or an attempt is made to delete an existing role.
Role ManagementDisable Role0.0.8.2 Disable an existing roleAn existing role is disabled, or an attempt is made to disable an existing role.
Role ManagementEnable Role0.0.8.3 Enable an existing roleA previously disabled role is re-enabled, or an attempt is made to enable a previously disabled role.
Role ManagementQuery Role0.0.8.4 Query role attributesRole attributes are queried, or an attempt is made to query role attributes.
Role ManagementModify Role0.0.8.5 Modify a role attributeRole attributes are modified, or an attempt is made to modify role attributes.
Exceptional EventsStart System0.0.9.0 Start a systemThis event is reported when a server, system, or mission-critical application starts up.
Exceptional EventsShutdown System0.0.9.1 Shutdown a systemThis event is reported when a server, system, or mission critical application shuts down.
Exceptional EventsResource Exhaustion0.0.9.2 Resource exhaustionThis event is reported when a server, system, or mission critical application runs out of some critical resource, like memory or disk space. It is often difficult to report such events because often the critical resource in question is required in order to report the event.
Exceptional EventsResource Corruption0.0.9.3 Resource CorruptionThis event is reported when a server, system, or mission critical application detects a resource corruption (memory, disk file, etc).
Exceptional EventsResource Unavailable0.0.9.4 Resource UnavailableThis event is reported when a server, system, or mission critical application becomes unavailable.
Exceptional EventsResource Available0.0.9.5 Resource AvailableThis event is reported when a server, system, or mission critical application becomes available. This event is usually reported if the resource has been unavailable for a period of time.
Exceptional EventsBack up Data Store0.0.9.6 Back up Data StoreThis event is reported when a server, system, or mission critical application backs up a critical data store.
Exceptional EventsRecover Data Store0.0.9.7 Recover Data StoreThis event is reported when a server, system, or mission critical application restores a critical data store.
Audit ServiceConfigure Audit Service0.0.10.0 Configure audit serviceConfiguration data has been changed for an audit subsystem. OpenXDAS reports this event when a SIGHUP is received, indicating that the xdasd configuration file has been modified and should be re-read.
Audit ServiceAudit Data Store Full0.0.10.1 Audit datastore is fullThis event is reported by OpenXDAS when an audit log is full, and can no longer accept additional audit records. Where possible, space is reserved for this event, in case it must be reported.
Audit ServiceAudit Data Store Corrupted0.0.10.2 Audit datastore is corruptedThis event is reported by OpenXDAS when the data store reports that an audit log has been corrupted. Generally, this condition is not detected unless a request is made to read an audit stream, and the audit log reports that it cannot be read due to corruption.
AuthenticationsAuthenticate Session0.0.11.0 A new identity is associated with a sessionWhen a user authenticates a session, a new identity is associated with that session. This identity is then used to authorize requests for protected resources.
AuthenticationsUnauthenticate Session0.0.11.1 A user has actively disassociated his identity from an existing authenticate session.When a user clicks the “Logout” button on his or her web browser, the previously authenticated identity is removed from an existing authenticated session.
AuthenticationsFederate Identity0.0.11.2 A remote identity is associated with a local identity.An identity relationship is established between a user at XYZ.COM and the local identity provider.
AuthenticationsUnfederate Identity0.0.11.3 A remote identity is disassociated from a local identity.An existing identity relationship between a user at an external identity provider and the local identity provider is removed.
AuthenticationsCreate Access Token0.0.11.4 A SAMLv2, WS-*, OAuth, or other access token was provided upon request.A resource access token was created by a service (or identity) provider to send to a service consumer. Access is limited by time frame, specifically requested resources, or other limiting criteria, in terms of a contract specified by previously agreed upon name/value pairs in the token. The act of creating and sending an access token is the start of a new pseudo-identity with limited and specific rights to protected resources. This pseudo-identity can be used as a correlation identifier between this and future authorization events. The actually identity of the system user behind the access token may or may not be hidden from the consumer.
AuthenticationsDestroy Access Token0.0.11.5 An existing SAMLv2, WS-*, OAuth, or other access token was destroyed or decommissioned.A previously created access token was decommissioned such that it is no longer allowed to be used for access to protected resources. Future requests for access to protected resources, based on this access token should be denied.

More Information #

There might be more information for this subject on one of the following:

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-34) was last changed on 24-May-2017 15:40 by jim