SUMMARY: NESTED | FIELD | | METHOD
DETAIL: FIELD | METHOD

Class AMT_AuditPolicyRule

Used in features: Audit Log
Compatible with the following Intel AMT Releases: 4.0, 5.0, 5.1, 6.0, 6.1, 6.2, 7.0, 8.0, 8.1, 9.0, 9.5, 10.0, 11.0 
CIM_ManagedElement
   extended by CIM_Policy
      extended by CIM_PolicySet
         extended by CIM_PolicyRule
            extended by AMT_AuditPolicyRule


class AMT_AuditPolicyRule
 extends CIM_PolicyRule


General Information:
Represents event 
policies.

Qualifiers:
-------------
Version=7.0.0









  
  

    Supported Fields 
      Summary

  

     string 
      
    PolicyRuleName Key  
A user-friendly name of this 
      PolicyRule.

  

     string 
      
    CreationClassName Key  
CreationClassName indicates the name 
      of the class or the subclass used in the creation of an instance . . 
    .

  

     string 
      
    SystemName Key  
The scoping System's Name.

  

     string 
      
    SystemCreationClassName Key  
The scoping System's 
      CreationClassName.

  

     string 
      
    ElementName 
A 
      user-friendly name for the object . . .

  

     uint32[128] 
      
    AuditApplicationEventID 
      
List of application events the policy rule applies to.

  

     uint32[128] 
      
    PolicyType 
For each 
      audited event, a flag indicating the type of policy . . 
  .




  
  

    Methods Summary

  

     uint32
    SetAuditPolicy(Enable, 
      AuditedAppID, EventID, PolicyType) 
This routine is used to 
      enable or disable auditing of a single event . . .

  

     uint32
    SetAuditPolicyBulk(Enable, 
      AuditedAppID, EventID, PolicyType) 
This method enables or 
      disables auditing of multiple events. Certain events are predefined as 
      always logged . . .

  

     
    Get(Instance) 
Gets the 
      representation of the instance

  

     
    Pull(EnumerationContext, 
      MaxElements) 
Pulls instances of this class, following an 
      Enumerate operation

  

     
    Enumerate() 
      
Enumerates the instances of this class

  

     
    Release(EnumerationContext) 
      
Releases an enumeration context




  
  

    Field 
Detail


PolicyRuleName Key 
public string PolicyRuleName



  
General Information:
A user-friendly name of this 
  PolicyRule.

Qualifiers:
-------------
Key
MaxLen=35


  

  





CreationClassName Key 
public string CreationClassName



  
General Information:
CreationClassName indicates the name of the 
  class or the subclass used in the creation of an instance. When used with the 
  other key properties of this class, this property allows all instances of this 
  class and its subclasses to be uniquely 
  identified.

Qualifiers:
-------------
Key
MaxLen=32


  

  





SystemName Key 
public string SystemName



  
General Information:
The scoping System's 
  Name.

Qualifiers:
-------------
Key
MaxLen=256
Propagated=CIM_System.Name


  

  





SystemCreationClassName Key 
public string SystemCreationClassName



  
General Information:
The scoping System's 
  CreationClassName.

Qualifiers:
-------------
Key
MaxLen=20
Propagated=CIM_System.CreationClassName


  

  





ElementName 
public string ElementName



  
General Information:
A user-friendly name for the object. This 
  property allows each instance to define a user-friendly name in addition to 
  its key properties, identity data, and description information. 
Note that 
  the Name property of ManagedSystemElement is also defined as a user-friendly 
  name. But, it is often subclassed to be a Key. It is not reasonable that the 
  same property can convey both identity and a user-friendly name, without 
  inconsistencies. Where Name exists and is not a Key (such as for instances of 
  LogicalDevice), the same information can be present in both the Name and 
  ElementName properties. Note that if there is an associated instance of 
  CIM_EnabledLogicalElementCapabilities, restrictions on this properties may 
  exist as defined in ElementNameMask and MaxElementNameLen properties defined 
  in that class.

Qualifiers:
-------------
MaxLen=32


  

  





AuditApplicationEventID 
public uint32[128] AuditApplicationEventID



  
General Information:
List of application events the policy rule 
  applies to.

Qualifiers:
-------------
Required


  

  





PolicyType 
public uint32[128] PolicyType



  
General Information:
For each audited event, a flag indicating 
  the type of policy. For example: indicating if the policy is defined as 
  critical.

Qualifiers:
-------------
Required
ValueMap={0, 
  1, 2..65535}
Values={NONE, CRITICAL, RESERVED}


  

  






  
  

    Method 
Detail


SetAuditPolicy
public uint32 SetAuditPolicy([IN]boolean Enable, [IN]uint16 AuditedAppID, [IN]uint16 EventID, [IN]uint32 PolicyType)



  
Permission Information:
Permitted realms: 
  ADMIN_SECURITY_AUDIT_LOG_REALM

General Information:
This 
  routine is used to enable or disable auditing of a single event. Certain 
  events are predefined as always logged. They are included in the audit log 
  policy whether they were requested explicitly or not. Attempting to remove 
  such events from audit log policy will return an error. Certain events are 
  predefined as never critical. Attempting to include such events in a policy 
  and marking them as critical will return an 
  error.

Qualifiers:
-------------
ValueMap={0, 1, 2, 16, 
  36, 38, 2075}
Values={PT_STATUS_SUCCESS, PT_STATUS_INTERNAL_ERROR, 
  PT_STATUS_NOT_READY, PT_STATUS_NOT_PERMITTED, PT_STATUS_INVALID_PARAMETER, 
  PT_STATUS_FLASH_WRITE_LIMIT_EXCEEDED, 
  PT_STATUS_AUDIT_FAIL}


Parameters:
--------------

  

    
Enable 
    
General Information:
This flag indicates whether the requested 
    operation is enable or 
    disable.

Qualifiers:
-------------
Required
IN


    
AuditedAppID 
    
General Information:
The application ID of the 
    event.

Qualifiers:
-------------
Required
IN


    
EventID 
    
General Information:
The ID of the 
    event.

Qualifiers:
-------------
Required
IN


    
PolicyType 
    
General Information:
A flag indicating the type of policy. For 
    example: indicating if the policy is defined as critical. When the audit log 
    is locked or full, all critical events will not be executed, and will return 
    a failure status code. This flag is not required for a disable 
    request.

Qualifiers:
-------------
IN
ValueMap={0, 1, 
    2..65535}
Values={NONE, CRITICAL, RESERVED}







SetAuditPolicyBulk
public uint32 SetAuditPolicyBulk([IN]boolean Enable[], [IN]uint16 AuditedAppID[], [IN]uint16 EventID[], [IN]uint32 PolicyType[])



  
Permission Information:
Permitted realms: 
  ADMIN_SECURITY_AUDIT_LOG_REALM

General Information:
This 
  method enables or disables auditing of multiple events.
Certain events are 
  predefined as always logged. They are included in the audit log policy whether 
  they were requested explicitly or not. Attempting to remove such events from 
  the audit log policy will return an error.
Certain events are predefined as 
  never critical. Attempting to include such events in a policy and marking them 
  as critical will return an error.
If a policy event is configured more than 
  once, the last configuration will be applied.
If there is an error, the 
  current audit log policy configuration will not be changed.
If the request 
  size is too large to be processed, divide the request into multiple smaller 
  requests.As a rule of thumb, it is recommended not to add more than 6k of data 
  to the request.

Product Specific Usage:
Additional notes: 
  
'SetAuditPolicyBulk' method is supported only in Intel AMT release 7.0 and 
  later releases.

Qualifiers:
-------------
ValueMap={0, 1, 
  2, 16, 36, 38, 2075}
Values={PT_STATUS_SUCCESS, PT_STATUS_INTERNAL_ERROR, 
  PT_STATUS_NOT_READY, PT_STATUS_NOT_PERMITTED, PT_STATUS_INVALID_PARAMETER, 
  PT_STATUS_FLASH_WRITE_LIMIT_EXCEEDED, 
  PT_STATUS_AUDIT_FAIL}


Parameters:
--------------

  

    
Enable 
    
General Information:
Array of flags, each one indicates 
    whether to enable or disable the corresponding policy 
    event.

Qualifiers:
-------------
Required
IN


    
AuditedAppID 
    
General Information:
Array of application IDs of the policy 
    events.

Qualifiers:
-------------
Required
IN


    
EventID 
    
General Information:
Array of event IDs of the policy 
    events.

Qualifiers:
-------------
Required
IN


    
PolicyType 
    
General Information:
Array of flags, each one indicates the 
    type of the corresponding policy event. For example: indicating if the 
    policy is defined as critical. When the audit log is locked or full, all 
    critical events will not be executed, and will return a failure status 
    code.

Qualifiers:
-------------
Required
IN
ValueMap={0, 
    1, 2..65535}
Values={NONE, CRITICAL, 
RESERVED}







Get
public  Get([OUT]AMT_AuditPolicyRule Instance)



  
Permission Information:
Permitted realms: 
  ADMIN_SECURITY_GENERAL_INFO_REALM, 
  ADMIN_SECURITY_AUDIT_LOG_REALM

General Information:
Gets the 
  representation of the instance





Pull
public  Pull([IN]String EnumerationContext, [IN]String MaxElements)



  
Permission Information:
All users permitted to use method, only 
  instances to whom the user has permissions will be returned

General 
  Information:
Pulls instances of this class, following an Enumerate 
  operation





Enumerate
public  Enumerate()



  
Permission Information:
All users permitted to use 
  method

General Information:
Enumerates the instances of this 
  class





Release
public  Release([IN]String EnumerationContext)



  
Permission Information:
All users permitted to use 
  method

General Information:
Releases an enumeration 
  context






  
  

    SUMMARY: NESTED | FIELD | METHOD
  

  

    DETAIL: FIELD | METHOD



  
  

    
      
Copyright © 2006-2022, Intel 
      Corporation. All rights 
reserved.