Intel AMT Features > Access Monitor > Use Cases > View the Audit Policy Details
CollapseAll image

View the Audit Policy Details

The following steps describe how to view details of all the events and their settings which constitute the audit policy.

1.  Retrieve the instance of AMT_AuditPolicyRule, where the “PolicyRuleName” key equals “Audit Policy Rule”.

2.  Examine the following properties of AMT_AuditPolicyRule:

Property

Description

AuditApplicationEventID

Holds the application and event ID information. It is a UINT32 parameter where the 8 most significant bits hold the application ID and the 16 least significant bits hold the event ID.

PolicyType

Holds the policy type information (Critical or Not).

 

Click here for a snippet demonstrating this step

You can execute this snippet by inserting it into the execution template found here.

  

$auditPolicyRuleRef =$wsmanConnectionObject.NewReference("SELECT * FROM AMT_AuditPolicyRule WHERE PolicyRuleName='Audit Policy Rule'")

$auditPolicyRuleInstance =$auditPolicyRuleRef.Get()

$auditApplicationEventID =$auditPolicyRuleInstance.GetProperty("AuditApplicationEventID")

$policyType =$auditPolicyRuleInstance.GetProperty("PolicyType")

 

 

Instance Diagram

Classes Used in This Flow

SDK Sample

If there is a sample demonstrating this flow, it is included in the SDK installation file. See SDK Installation Layout for details.

 

See Also:

   Event Groups and Event IDs

Copyright © 2006-2022, Intel Corporation. All rights reserved.