Class AMT_AuditPolicyRule

Used in features: Audit Log
Compatible with the following Intel AMT Releases: 4.0, 5.0, 5.1, 6.0, 6.1, 6.2, 7.0, 8.0, 8.1, 9.0, 9.5
CIM_ManagedElement
   extended by CIM_Policy
      extended by CIM_PolicySet
         extended by CIM_PolicyRule
            extended by AMT_AuditPolicyRule


class AMT_AuditPolicyRule
extends CIM_PolicyRule

General Information:
Represents event policies.

Qualifiers:
-------------
Version=7.0.0


Supported Fields Summary
 string PolicyRuleName Key
A user-friendly name of this PolicyRule.
 string CreationClassName Key
CreationClassName indicates the name of the class or the subclass used in the creation of an instance . . .
 string SystemName Key
The scoping System's Name.
 string SystemCreationClassName Key
The scoping System's CreationClassName.
 string ElementName
A user-friendly name for the object . . .
 uint32[128] AuditApplicationEventID
List of application events the policy rule applies to.
 uint32[128] PolicyType
For each audited event, a flag indicating the type of policy . . .

Methods Summary
 uint32 SetAuditPolicy(Enable, AuditedAppID, EventID, PolicyType)
This routine is used to enable or disable auditing of a single event . . .
 uint32 SetAuditPolicyBulk(Enable, AuditedAppID, EventID, PolicyType)
This method enables or disables auditing of multiple events. Certain events are predefined as always logged . . .
  Get(Instance)
Gets the representation of the instance
  Pull(EnumerationContext, MaxElements)
Pulls instances of this class, following an Enumerate operation
  Enumerate()
Enumerates the instances of this class
  Release(EnumerationContext)
Releases an enumeration context

Field Detail

PolicyRuleName Key

public string PolicyRuleName
General Information:
A user-friendly name of this PolicyRule.

Qualifiers:
-------------
Key
MaxLen=35


CreationClassName Key

public string CreationClassName
General Information:
CreationClassName indicates the name of the class or the subclass used in the creation of an instance. When used with the other key properties of this class, this property allows all instances of this class and its subclasses to be uniquely identified.

Qualifiers:
-------------
Key
MaxLen=32


SystemName Key

public string SystemName
General Information:
The scoping System's Name.

Qualifiers:
-------------
Key
MaxLen=256
Propagated=CIM_System.Name


SystemCreationClassName Key

public string SystemCreationClassName
General Information:
The scoping System's CreationClassName.

Qualifiers:
-------------
Key
MaxLen=20
Propagated=CIM_System.CreationClassName


ElementName

public string ElementName
General Information:
A user-friendly name for the object. This property allows each instance to define a user-friendly name in addition to its key properties, identity data, and description information.
Note that the Name property of ManagedSystemElement is also defined as a user-friendly name. But, it is often subclassed to be a Key. It is not reasonable that the same property can convey both identity and a user-friendly name, without inconsistencies. Where Name exists and is not a Key (such as for instances of LogicalDevice), the same information can be present in both the Name and ElementName properties. Note that if there is an associated instance of CIM_EnabledLogicalElementCapabilities, restrictions on this properties may exist as defined in ElementNameMask and MaxElementNameLen properties defined in that class.

Qualifiers:
-------------
MaxLen=32


AuditApplicationEventID

public uint32[128] AuditApplicationEventID
General Information:
List of application events the policy rule applies to.

Qualifiers:
-------------
Required


PolicyType

public uint32[128] PolicyType
General Information:
For each audited event, a flag indicating the type of policy. For example: indicating if the policy is defined as critical.

Qualifiers:
-------------
Required
ValueMap={0, 1, 2..65535}
Values={NONE, CRITICAL, RESERVED}


Method Detail

SetAuditPolicy

public uint32 SetAuditPolicy([IN]boolean Enable, [IN]uint16 AuditedAppID, [IN]uint16 EventID, [IN]uint32 PolicyType)
Permission Information:
Permitted realms: ADMIN_SECURITY_AUDIT_LOG_REALM

General Information:
This routine is used to enable or disable auditing of a single event. Certain events are predefined as always logged. They are included in the audit log policy whether they were requested explicitly or not. Attempting to remove such events from audit log policy will return an error. Certain events are predefined as never critical. Attempting to include such events in a policy and marking them as critical will return an error.

Qualifiers:
-------------
ValueMap={0, 1, 2, 16, 36, 38, 2075}
Values={PT_STATUS_SUCCESS, PT_STATUS_INTERNAL_ERROR, PT_STATUS_NOT_READY, PT_STATUS_NOT_PERMITTED, PT_STATUS_INVALID_PARAMETER, PT_STATUS_FLASH_WRITE_LIMIT_EXCEEDED, PT_STATUS_AUDIT_FAIL}


Parameters:
--------------
Enable
General Information:
This flag indicates whether the requested operation is enable or disable.

Qualifiers:
-------------
Required
IN

AuditedAppID
General Information:
The application ID of the event.

Qualifiers:
-------------
Required
IN

EventID
General Information:
The ID of the event.

Qualifiers:
-------------
Required
IN

PolicyType
General Information:
A flag indicating the type of policy. For example: indicating if the policy is defined as critical. When the audit log is locked or full, all critical events will not be executed, and will return a failure status code. This flag is not required for a disable request.

Qualifiers:
-------------
IN
ValueMap={0, 1, 2..65535}
Values={NONE, CRITICAL, RESERVED}



SetAuditPolicyBulk

public uint32 SetAuditPolicyBulk([IN]boolean Enable[], [IN]uint16 AuditedAppID[], [IN]uint16 EventID[], [IN]uint32 PolicyType[])
Permission Information:
Permitted realms: ADMIN_SECURITY_AUDIT_LOG_REALM

General Information:
This method enables or disables auditing of multiple events.
Certain events are predefined as always logged. They are included in the audit log policy whether they were requested explicitly or not. Attempting to remove such events from the audit log policy will return an error.
Certain events are predefined as never critical. Attempting to include such events in a policy and marking them as critical will return an error.
If a policy event is configured more than once, the last configuration will be applied.
If there is an error, the current audit log policy configuration will not be changed.
If the request size is too large to be processed, divide the request into multiple smaller requests.As a rule of thumb, it is recommended not to add more than 6k of data to the request.

Product Specific Usage:
Additional notes:
'SetAuditPolicyBulk' method is supported only in Intel AMT release 7.0 and later releases.

Qualifiers:
-------------
ValueMap={0, 1, 2, 16, 36, 38, 2075}
Values={PT_STATUS_SUCCESS, PT_STATUS_INTERNAL_ERROR, PT_STATUS_NOT_READY, PT_STATUS_NOT_PERMITTED, PT_STATUS_INVALID_PARAMETER, PT_STATUS_FLASH_WRITE_LIMIT_EXCEEDED, PT_STATUS_AUDIT_FAIL}


Parameters:
--------------
Enable
General Information:
Array of flags, each one indicates whether to enable or disable the corresponding policy event.

Qualifiers:
-------------
Required
IN

AuditedAppID
General Information:
Array of application IDs of the policy events.

Qualifiers:
-------------
Required
IN

EventID
General Information:
Array of event IDs of the policy events.

Qualifiers:
-------------
Required
IN

PolicyType
General Information:
Array of flags, each one indicates the type of the corresponding policy event. For example: indicating if the policy is defined as critical. When the audit log is locked or full, all critical events will not be executed, and will return a failure status code.

Qualifiers:
-------------
Required
IN
ValueMap={0, 1, 2..65535}
Values={NONE, CRITICAL, RESERVED}



Get

public  Get([OUT]AMT_AuditPolicyRule Instance)
Permission Information:
Permitted realms: ADMIN_SECURITY_GENERAL_INFO_REALM, ADMIN_SECURITY_AUDIT_LOG_REALM

General Information:
Gets the representation of the instance

Pull

public  Pull([IN]String EnumerationContext, [IN]String MaxElements)
Permission Information:
All users permitted to use method, only instances to whom the user has permissions will be returned

General Information:
Pulls instances of this class, following an Enumerate operation

Enumerate

public  Enumerate()
Permission Information:
All users permitted to use method

General Information:
Enumerates the instances of this class

Release

public  Release([IN]String EnumerationContext)
Permission Information:
All users permitted to use method

General Information:
Releases an enumeration context

Copyright © 2006-2013, Intel Corporation. All rights reserved.