Chat now with support
Chat with Support

Enterprise Single Sign-On 9.0.2 - One Identity Enterprise Access Management Console Administration Guide

Preface Overview Authenticating to EAM Console and Managing Protection Modes Searching the Directory Tree Managing administrators Managing Security Profiles
Managing time slices Managing Password Format Control Policies Managing User Security Profiles Managing Access Point Security Profiles Managing Application Security Profiles Defining Security Profiles Default Values Managing User and Access Point Security Profiles Priorities
Managing directory objects
Managing applications Managing users Managing access points Managing representative objects Managing clusters of access points Selecting a domain controller
Importing/Exporting security profiles and directory objects Managing smart cards Managing SA server devices Managing RFID tokens Managing biometrics Managing Mobile Devices Enabling the public key authentication method Managing Emergency Accesses Managing audit events Managing reports Customizing configuration files Creating scripts Basic syntax of regular expressions Listing audit events and error codes Correspondence between profiles and administration rights Report Models and Parameters List Custom Group Files Format

Creating an audit filter

Subject

The Audit panel allows you to build audit filters that you can save and apply on existing audit records.

Before starting

To perform the task described in this section, you must have the following administration role:

  • In classic administration mode: "Security object administrator".
  • In advanced administration mode, your role must contain the administration right "Audit: Visualization".

    NOTE: For more information on administration roles, see Section Managing administrators.

Procedure

  1. In the Audit panel, click Advanced Filter.
    • The filter window appears.

      This window allows you to select the category of event to filter:

  • Application

    This category allows you to apply a filter on applications according to their name or their identifier.

  • Audit ID

    This category allows you to apply a filter on audit identifiers.

  • Category

    This category allows you to choose the family of audit events you want to be displayed in the audit report:

    • SSO: SSO audit events.
    • Authentication: authentication audit events.
    • System: access points audit events.
    • Admin: administration audit events.
  • Error code

    This category allows you to filter events according to their error status.

  • Detailed content

    This category allows you to choose the event attributes you want to be displayed in the report:

    Example: cache authentication, DN, delegates...

  • Event

    This category allows you to define the audit events that must be included in the audit report.

  • Extended information

    This category allows you to define a regular expression that will be applied to the Extended information field.

    For more information on regular expressions, see Basic syntax of regular expressions.

  • Access point

    This category allows you to apply a filter on access points according to their name or their identifier.

  • Population

    This category only appears if your audit administration role is not restricted to a set of audit populations (for more information, see Section Delegating Administration Roles).
    It allows you to filter events according to existing audit populations.

  1. Select the category on which you want to apply a filter condition and click Add a Condition.

    NOTE: The OR logic operator applies to the conditions of a given category and the AND logic operator allows you to associate several categories.
    • Depending on the category chosen, an audit filter selection window appears.
  2. Follow the guidelines given in the window to choose the condition you want to apply, and click OK.

 

Saving an audit filter

Subject

To be able to reuse the audit filter you have built, you can save it locally on your system as an AFD file. This way, you can load it whenever needed.

Procedure

  1. In the Audit panel, click Advanced Filter.
    • The filter window appears.
  2. Build an audit filter, as explained in Section Creating an audit filter.
  3. In the Audit Database Search Filter window, click the Save button.
    • The Windows explorer window appears.
  4. Select the folder in which you want to save the filter, name it and click Save.
    • The filter is saved as an AFD file and can then be reused.

 

Loading an audit filter

Subject

The following procedure explains how to reuse an audit filter you have previously created and saved.

Procedure

  1. In the Audit panel, click Advanced Filter.
    • The filter window appears.
  2. Click the Load button.
    • The Windows explorer window appears.
  3. Select the AFD file corresponding to the filter you want to load and click Open.
    • The filter is loaded in the Audit Database Search Filter window and is ready to be applied (see Section Applying an audit filter).

 

Applying an audit filter

The audit filters allow you to filter the events in the following cases:

  • At the time of their visualization.
  • Upon the event creation for the following objects: administration role, user security profile, access point security profile and application.

    All defined audit filters will be applied before the EAM Security Services decide whether this operation should be audited. If at least one filter indicates that the operation should be audited, then the associated audit event is created.

In this section:

Related Documents