Starting with Release 8.0, the Auditor feature has been simplified and enabled by default with pre-defined security-related events. Following is a comparison of activities and feature behaviors in pre-8.0 releases compared with Release 8.0.
|
Feature |
Pre-8.0 Releases |
Release 8.0 |
|
Auditor User definition |
Single Auditor Must be defined by administrator. |
All administrators are implicit Auditors until an Auditor is explicitly defined. |
|
Signing key material set |
Prerequisite to enabling Audit Log feature. |
Prerequisite to export audit log. |
|
Event selection for logging |
Each event must be selected for logging |
All events in the following event groups are enabled by default: • Security Admin Events (except Flash Wear-Out Counters Reset (ID=15) and Power Package Modified (ID=16) events) |
|
Audit events collection |
Begins after defining both signing key material and an Auditor and then selecting events to monitor |
Collection is enabled by default before configuration begins. |
|
Unconfiguring |
Unconfiguring is blocked if auditing is enabled. The audit log is erased and all ACL entries are deleted, including the Auditor. |
Unconfiguring is only blocked while an Auditor is defined in the system. The audit log is not erased and the unprovisioning event is logged at the beginning of the unprovision flow. |
|
Copyright © 2006-2022, Intel Corporation. All rights reserved. |