Class AMT_AuditPolicyRule
Used in features: Audit Log
Compatible with the following Intel AMT Releases: 4.0, 5.0, 5.1, 6.0,
6.1, 6.2, 7.0, 8.0, 8.1, 9.0, 9.5, 10.0, 11.0
CIM_ManagedElement
CIM_Policy
CIM_PolicySet
CIM_PolicyRule
AMT_AuditPolicyRule
class AMT_AuditPolicyRule
- extends CIM_PolicyRule
General Information:
Represents event
policies.
Qualifiers:
-------------
Version=7.0.0
Supported Fields
Summary |
string
|
PolicyRuleName A user-friendly name of this
PolicyRule.
|
string
|
CreationClassName CreationClassName indicates the name
of the class or the subclass used in the creation of an instance . .
.
|
string
|
SystemName The scoping System's Name.
|
string
|
SystemCreationClassName The scoping System's
CreationClassName.
|
string
|
ElementName A
user-friendly name for the object . . .
|
uint32[128]
|
AuditApplicationEventID
List of application events the policy rule applies to.
|
uint32[128]
|
PolicyType For each
audited event, a flag indicating the type of policy . .
.
|
Methods Summary |
uint32 |
SetAuditPolicy(Enable,
AuditedAppID, EventID, PolicyType) This routine is used to
enable or disable auditing of a single event . . .
|
uint32 |
SetAuditPolicyBulk(Enable,
AuditedAppID, EventID, PolicyType) This method enables or
disables auditing of multiple events. Certain events are predefined as
always logged . . .
|
|
Get(Instance) Gets the
representation of the instance
|
|
Pull(EnumerationContext,
MaxElements) Pulls instances of this class, following an
Enumerate operation
|
|
Enumerate()
Enumerates the instances of this class
|
|
Release(EnumerationContext)
Releases an enumeration context
|
PolicyRuleName
public string PolicyRuleName
- General Information:
A user-friendly name of this
PolicyRule.
Qualifiers:
-------------
Key
MaxLen=35
CreationClassName
public string CreationClassName
- General Information:
CreationClassName indicates the name of the
class or the subclass used in the creation of an instance. When used with the
other key properties of this class, this property allows all instances of this
class and its subclasses to be uniquely
identified.
Qualifiers:
-------------
Key
MaxLen=32
SystemName
public string SystemName
- General Information:
The scoping System's
Name.
Qualifiers:
-------------
Key
MaxLen=256
Propagated=CIM_System.Name
SystemCreationClassName
public string SystemCreationClassName
- General Information:
The scoping System's
CreationClassName.
Qualifiers:
-------------
Key
MaxLen=20
Propagated=CIM_System.CreationClassName
ElementName
public string ElementName
- General Information:
A user-friendly name for the object. This
property allows each instance to define a user-friendly name in addition to
its key properties, identity data, and description information.
Note that
the Name property of ManagedSystemElement is also defined as a user-friendly
name. But, it is often subclassed to be a Key. It is not reasonable that the
same property can convey both identity and a user-friendly name, without
inconsistencies. Where Name exists and is not a Key (such as for instances of
LogicalDevice), the same information can be present in both the Name and
ElementName properties. Note that if there is an associated instance of
CIM_EnabledLogicalElementCapabilities, restrictions on this properties may
exist as defined in ElementNameMask and MaxElementNameLen properties defined
in that class.
Qualifiers:
-------------
MaxLen=32
AuditApplicationEventID
public uint32[128] AuditApplicationEventID
- General Information:
List of application events the policy rule
applies to.
Qualifiers:
-------------
Required
PolicyType
public uint32[128] PolicyType
- General Information:
For each audited event, a flag indicating
the type of policy. For example: indicating if the policy is defined as
critical.
Qualifiers:
-------------
Required
ValueMap={0,
1, 2..65535}
Values={NONE, CRITICAL, RESERVED}
SetAuditPolicy
public uint32 SetAuditPolicy([IN]boolean Enable, [IN]uint16 AuditedAppID, [IN]uint16 EventID, [IN]uint32 PolicyType)
- Permission Information:
Permitted realms:
ADMIN_SECURITY_AUDIT_LOG_REALM
General Information:
This
routine is used to enable or disable auditing of a single event. Certain
events are predefined as always logged. They are included in the audit log
policy whether they were requested explicitly or not. Attempting to remove
such events from audit log policy will return an error. Certain events are
predefined as never critical. Attempting to include such events in a policy
and marking them as critical will return an
error.
Qualifiers:
-------------
ValueMap={0, 1, 2, 16,
36, 38, 2075}
Values={PT_STATUS_SUCCESS, PT_STATUS_INTERNAL_ERROR,
PT_STATUS_NOT_READY, PT_STATUS_NOT_PERMITTED, PT_STATUS_INVALID_PARAMETER,
PT_STATUS_FLASH_WRITE_LIMIT_EXCEEDED,
PT_STATUS_AUDIT_FAIL}
Parameters:
--------------
- Enable
- General Information:
This flag indicates whether the requested
operation is enable or
disable.
Qualifiers:
-------------
Required
IN
- AuditedAppID
- General Information:
The application ID of the
event.
Qualifiers:
-------------
Required
IN
- EventID
- General Information:
The ID of the
event.
Qualifiers:
-------------
Required
IN
- PolicyType
- General Information:
A flag indicating the type of policy. For
example: indicating if the policy is defined as critical. When the audit log
is locked or full, all critical events will not be executed, and will return
a failure status code. This flag is not required for a disable
request.
Qualifiers:
-------------
IN
ValueMap={0, 1,
2..65535}
Values={NONE, CRITICAL, RESERVED}
SetAuditPolicyBulk
public uint32 SetAuditPolicyBulk([IN]boolean Enable[], [IN]uint16 AuditedAppID[], [IN]uint16 EventID[], [IN]uint32 PolicyType[])
- Permission Information:
Permitted realms:
ADMIN_SECURITY_AUDIT_LOG_REALM
General Information:
This
method enables or disables auditing of multiple events.
Certain events are
predefined as always logged. They are included in the audit log policy whether
they were requested explicitly or not. Attempting to remove such events from
the audit log policy will return an error.
Certain events are predefined as
never critical. Attempting to include such events in a policy and marking them
as critical will return an error.
If a policy event is configured more than
once, the last configuration will be applied.
If there is an error, the
current audit log policy configuration will not be changed.
If the request
size is too large to be processed, divide the request into multiple smaller
requests.As a rule of thumb, it is recommended not to add more than 6k of data
to the request.
Product Specific Usage:
Additional notes:
'SetAuditPolicyBulk' method is supported only in Intel AMT release 7.0 and
later releases.
Qualifiers:
-------------
ValueMap={0, 1,
2, 16, 36, 38, 2075}
Values={PT_STATUS_SUCCESS, PT_STATUS_INTERNAL_ERROR,
PT_STATUS_NOT_READY, PT_STATUS_NOT_PERMITTED, PT_STATUS_INVALID_PARAMETER,
PT_STATUS_FLASH_WRITE_LIMIT_EXCEEDED,
PT_STATUS_AUDIT_FAIL}
Parameters:
--------------
- Enable
- General Information:
Array of flags, each one indicates
whether to enable or disable the corresponding policy
event.
Qualifiers:
-------------
Required
IN
- AuditedAppID
- General Information:
Array of application IDs of the policy
events.
Qualifiers:
-------------
Required
IN
- EventID
- General Information:
Array of event IDs of the policy
events.
Qualifiers:
-------------
Required
IN
- PolicyType
- General Information:
Array of flags, each one indicates the
type of the corresponding policy event. For example: indicating if the
policy is defined as critical. When the audit log is locked or full, all
critical events will not be executed, and will return a failure status
code.
Qualifiers:
-------------
Required
IN
ValueMap={0,
1, 2..65535}
Values={NONE, CRITICAL,
RESERVED}
Get
public Get([OUT]AMT_AuditPolicyRule Instance)
- Permission Information:
Permitted realms:
ADMIN_SECURITY_GENERAL_INFO_REALM,
ADMIN_SECURITY_AUDIT_LOG_REALM
General Information:
Gets the
representation of the instance
Pull
public Pull([IN]String EnumerationContext, [IN]String MaxElements)
- Permission Information:
All users permitted to use method, only
instances to whom the user has permissions will be returned
General
Information:
Pulls instances of this class, following an Enumerate
operation
Enumerate
public Enumerate()
- Permission Information:
All users permitted to use
method
General Information:
Enumerates the instances of this
class
Release
public Release([IN]String EnumerationContext)
- Permission Information:
All users permitted to use
method
General Information:
Releases an enumeration
context