Intel AMT Features > Access Monitor > Detailed Description

Detailed Description

The Access Monitor feature is implemented with the following:

     An independent Auditor user that cannot be changed or deleted by an administrator

     A configurable list of auditable events

     Configurable alerts associated with the auditable events and an audit log.

     Audit Log has an effect on unconfigure procces in some cases, see Returning to an Unconfigured State.

     Intel AMT systems cannot be unconfigured without cooperation from the Auditor. except from release 8.0, when Auditor is not defined.

Intel AMT writes selected events to the audit log. The Auditor and others can review the audit log to detect break-in attempts, damaging commands, and trace events to identify the root cause of various problems.

 Note:

   If Intel AMT receives a request to perform an action marked as critical and there is no room in the audit log to record the event, the request will be rejected.

   In certain cases, an event might be written to the audit log even though the action was not completed successfully (for example, there was a power failure before the requested action completed). Events that actually occur are always written to the log.

   Release 8.0 modifies the access monitor to make it easier to use.

 

See Also:

   About the Auditor User

   Enabling Auditing

   Comparison of Access Monitor Pre-8.0 and Release 8.0

   Event Groups and Event IDs

   Storage Policy Types

   Auditor Notification Alert

   Reading the Audit Log

   Returning to an Unconfigured State

Copyright © 2006-2022, Intel Corporation. All rights reserved.