The filterConfiguration attribute lists event groups, which are used to enable one or more events to pass through the event filter. Each group listed in the filterConfiguration attribute contains the attributes listed in Table 10–2.
Table 10–2 filterConfiguration Attributes
Example 10–5 illustrates the default Resource Management group.
<Object name=’Resource Management’> <Attribute name=’enabled’ value=’true’/> <Attribute name=’displayName’ value=’UI_RESOURCE_MGMT_GROUP_DISPLAYNAME’/> <Attribute name=’enabledEvents’> <List> <Object> <Attribute name=’objectType’ value=’Resource’/> <Attribute name=’actions’ value=’ALL’/> <Attribute name=’results’ value=’ALL’/> </Object> <Object> <Attribute name=’objectType’ value=’ResourceObject’/> <Attribute name=’actions’ value=’ALL’/> <Attribute name=’results’ value=’ALL’/> </Object> </List> </Attribute> </Object> |
Waveset provides default audit event groups. These groups, and the events they enable, are described in the following sections:
You can configure each group from the Audit Configuration page of the Waveset Administrator interface (Configure > Audit). See Configuring Audit Groups and Audit Events for instructions.
The Audit Configuration page allows you to configure successful or failed events for each group. The interface does not support adding or modifying enabled events for groups, but you can do this by using the Waveset debug pages (see The Waveset Debug Page).
The default event groups and the events they enable are described in the following sections.
Setting the Actions value to All does not specify a default set of actions for the object type. Rather, the All value means that there are no actions specified for the object type, and that Waveset can audit any action for the object type.
This group is enabled by default.
Table 10–3 Default Account Management Event Groups
Type |
Actions |
---|---|
EncryptionKey |
All Actions |
Identity System Account |
All Actions |
Resource Account |
Approve, Create, Delete, Disable, Enable, Modify, Pending Create, Pending Delete, Pending Disable, Pending Enable, Pending Rename, Pending Update, Reject, Rename, Unlock |
Provisioning Request |
Completed, Not Completed |
Workflow Case |
End Activity, End Process, End Workflow, Start Activity, Start Process, Start Workflow |
User |
Approve, Create, Delete, Deprovision, Disable, Enable, Modify, Reject, Rename |
This group is enabled by default.
Table 10–4 Default Waveset Logins/Logoffs Event Groups
Type |
Actions |
---|---|
User |
Credentials Expired, Lock, Login, Logout, Unlock, Username Recovery |
This group is enabled by default.
Table 10–5 Default Waveset Report Modifications Event Groups
Type |
Actions |
---|---|
TaskTemplate |
Create, Delete, Disable, Enable, Modify |
This group is enabled by default.
Table 10–6 Default Password Management Event Groups and Events
Type |
Actions |
---|---|
Resource Account |
Change Password, Reset Password |
This group is enabled by default.
Table 10–7 Default Resource Management Event Groups and Events
Type |
Actions |
---|---|
Resource |
All Actions |
ResourceForm |
All Actions |
ResourceObject |
All Actions |
Workflow Case |
End Activity, End Process, End Workflow, Start Activity, Start Process, Start Workflow |
ResourceAction |
All Actions |
AttrParse |
All Actions |
This group is disabled by default.
Table 10–8 Default Role Management Event Groups and Events
Type |
Actions |
---|---|
Role |
All Actions |
This group is enabled by default.
Table 10–9 Default Security Management Event Groups and Events
Type |
Actions |
---|---|
Capability |
All Actions |
EncryptionKey |
All Actions |
Organization |
All Actions |
Admin Role |
All Actions |
This group is disabled by default.
Table 10–10 Task Management Event Groups and Events
Type |
Actions |
---|---|
ProvisioningTask |
All Actions |
TaskDefinition |
All Actions |
TaskInstance |
All Actions |
TaskSchedule |
All Actions |
TaskResult |
All Actions |
This group is disabled by default.
Table 10–11 Changes Outside Waveset Event Groups and Events
Type |
Actions |
---|---|
ResourceAccount |
NativeChange |
This group is enabled by default.
Table 10–12 Default Configuration Management Event Groups
Type |
Actions |
---|---|
Configuration |
All Actions |
Data Exporter |
All Actions |
Database Connection |
All Actions |
EmailTemplate |
All Actions |
Log |
All Actions |
LoginConfig |
All Actions |
Policy |
All Actions |
Rule |
All Actions |
UserForm |
All Actions |
XmlData |
Import |
This group is enabled by default.
Table 10–13 Service Provider Event Groups and Events
Type |
Actions |
---|---|
Directory User |
Challenge Response, Create, Delete, Modify, Post-Operation Callout, Pre-Operation Callout, Update Authentication Answers, Username Recovery |
This group is enabled by default.
Table 10–14 Default Event Management Event Groups
Type |
Actions |
---|---|
|
Notify |
TestNotification |
Notify |
This group is enabled by default.
Table 10–15 Default Compliance Management Group Events
Type |
Actions |
---|---|
Audit Policy |
All Actions |
AccessScan |
All Actions |
ComplianceViolation |
All Actions |
Data Exporter |
All Actions |
UserEntitlement |
Attestor Approved, Attestor Rejected, Remediation Requested, Rescan Requested, Terminate |
Access Review Workflow |
All Actions |
Remediation Workflow |
All Actions |