Overview#
XDAS Security Events are events within eDirectory XDAS considered Security relevant.| Event Name | Event Identifier | eDirectory Event Type | Description | Use |
|---|---|---|---|---|
| Query Account Security Token | 0.0.12.3 | DSE_NMAS_LOG_GET_LOGIN_CONFIG DSE_NMAS_LOG_GET_PWD_STATUS DSE_NMAS_LOG_GET_DIST_PWD DSE_NMAS_LOG_GET_PWD DSE_NMAS_LOG_GET_PWD_HISTORY DSE_NMAS_LOG_GET_ALL_LOGIN_CONFIG DSE_NMAS_LOG_GET_ALL_LOGIN_SECRET DSE_NMAS_LOG_CHECK_PWD_SYNTAX_POLICY | Requesting for an existing account security token. | An account security token may be a password, or any other type of authentication materials associated with a user account. Here, a user account means any type of account by which a user, application, or system service may authenticate, and then act with the rights of that account. |
| Create Connection | 0.0.12.4 | DSE_CONNECTION | The creation of a communication channel between system components. | This event is reported when a communication channel is created between system components. |
| Terminate Connection | 0.0.12.5 | DSE_CONNECTION | The closure of a communications channel between system components. | This event is reported when an existing communication channel is terminated between system components. |
| CREATE_SESSION | 0.0.2.0 | DSE_LOGIN_EX DSE_NMAS_LOG_SRVR_BEGIN_LOGIN DSE_NMAS_LOG_FINISH_LOGIN_STATUS DSE_NMAS_LOG_SASL_MECHANISM_RESULT | Create a new session. | This event should be reported whenever a new session is created. For example, logging in to the eDirectory system. |
| TERMINATE_SESSION | 0.0.2.1 | DSE_LOGOUT | Terminate an existing session. | This event should be reported whenever an existing session (as defined above) is terminated. For example, logging out of the eDirectory system. |
| AUTHENTICATE_SESSION | 0.0.2.4 | DSE_AUTHENTICATE DSE_IMPERSONATE DSE_EBA_BA_FAILURE DSE_VERIFY_PASS | A new identity is associated with a session. | When a user authenticates a session, a new identity is associated with that session. This identity is then used to authorize requests for protected resources. |
| Intruder Lockout | 0.0.0.9 | DSE_ADD_VALUE | Lockout of an account. | This event is reported during lockout of an account. |
| ACCOUNT_UNLOCK | 0.0.0.10 | DSE_DELETE_VALUE | Unlock of a Locked By Intruder. | This event is reported when an locked account is unlocked. |
| Grant Account Access | 0.0.0.7 | DSE_ADD_VALUE | Grant access to an account for an object. | This event is reported when access is granted for a object to an account. |
| Revoke Account Access | 0.0.0.8 | DSE_DELETE_VALUE | Revoke access from an account for an object. | This event is reported when a object is removed from an account. |
| Audit Config | 0.0.9.0 | DSE_ADD_VALUE DSE_DELETE_VALUE | The modification of the parameters controlling the operation of the audit service. | This event is reported when any modification is done to the parameters that are controlling the audit service. |
