Audit Settings

Swisscom applies the audit settings defined in the chapter below, [File System Layout Managed RHEL](#file-system-layout-managed-rhel). The user may not change these settings (e.g. Full Managed mode). Swisscom uses compliance checks to verify that the settings are set accordingly.

Audit Settings Managed Windows

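| Category | Subcategory | SubSetting |
|---|---|---|
| System | Security System Extension | Failure |
| System | System Integrity | Failure |
| System | IPsec Driver | Failure |
| System | Other System Events | Failure |
| System | Security State Change | Failure |
| Logon/Logoff | Logon | Success and Failure |
| Logon/Logoff | Logoff | Success and Failure |
| Logon/Logoff | Account Lockout | Success and Failure |
| Logon/Logoff | IPsec Main Mode | Success and Failure |
| Logon/Logoff | IPsec Quick Mode | Success and Failure |
| Logon/Logoff | IPsec Extended Mode | Success and Failure |
| Logon/Logoff | Special Logon | Success and Failure |
| Logon/Logoff | Other Logon/Logoff Events | Success and Failure |
| Logon/Logoff | Network Policy Server | Success and Failure |
| Logon/Logoff | User / Device Claims | Success and Failure |
| Object Access | File System | No Auditing |
| Object Access | Registry | No Auditing |
| Object Access | Kernel Object | No Auditing |
| Object Access | SAM | No Auditing |
| Object Access | Certification Services | No Auditing |
| Object Access | Application Generated | No Auditing |
| Object Access | Handle Manipulation | No Auditing |
| Object Access | File Share | No Auditing |
| Object Access | Filtering Platform Packet Drop | No Auditing |
| Object Access | Filtering Platform Connection | No Auditing |
| Object Access | Other Object Access Events | No Auditing |
| Object Access | Detailed File Share | No Auditing |
| Object Access | Removable Storage | No Auditing |
| Object Access | Central Policy Staging | No Auditing |
| Privilege Use | Non Sensitive Privilege Use | Success and Failure |
| Privilege Use | Other Privilege Use Events | Success and Failure |
| Privilege Use | Sensitive Privilege Use | Success and Failure |
| Detailed Tracking | Process Creation | No Auditing |
| Detailed Tracking | Process Termination | No Auditing |
| Detailed Tracking | DPAPI Activity | No Auditing |
| Detailed Tracking | RPC Events | No Auditing |
| Policy Change | Authentication Policy Change | Success and Failure |
| Policy Change | Authorization Policy Change | Success and Failure |
| Policy Change | MPSSVC Rule-Level Policy Change | Success and Failure |
| Policy Change | Filtering Platform Policy Change | Success and Failure |
| Policy Change | Other Policy Change Events | Success and Failure |
| Policy Change | Audit Policy Change | Success and Failure |
| Account Management | User Account Management | Success and Failure |
| Account Management | Computer Account Management | Success and Failure |
| Account Management | Security Group Management | Success and Failure |
| Account Management | Distribution Group Management | Success and Failure |
| Account Management | Application Group Management | Success and Failure |
| Account Management | Other Account Management Events | Success and Failure |
| DS Access | Directory Service Changes | No Auditing |
| DS Access | Directory Service Replication | No Auditing |
| DS Access | Detailed Directory Service Replication | No Auditing |
| DS Access | Directory Service Access | Success |
| Account Logon | Kerberos Service Ticket Operations | Success and Failure |
| Account Logon | Other Account Logon Events | Success and Failure |
| Account Logon | Kerberos Authentication Service | Success and Failure |
| Account Logon | Credential Validation | Success and Failure |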
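
One way a compliance check could compare a host against the table above, as an added example (not Swisscom's own tooling): it parses the CSV printed by `auditpol /get /category:* /r` on an English-locale system and reports every subcategory whose setting differs from the baseline. The baseline here is a subset of the table, and the function name, host name and sample report are constructed for illustration.

```python
import csv
import io

# Subset of the baseline table above: subcategory -> expected setting.
BASELINE = {
    "Security System Extension": "Failure",
    "System Integrity": "Failure",
    "Security State Change": "Failure",
    "Process Creation": "No Auditing",
    "Process Termination": "No Auditing",
    "Directory Service Access": "Success",
    "Credential Validation": "Success and Failure",
    "Kerberos Authentication Service": "Success and Failure",
}

# Constructed sample in the column layout of `auditpol /get /category:* /r`
# (GUID column left empty); this is not output captured from a real host.
SAMPLE = """\
Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting
HOST01,System,Security System Extension,,Failure,
HOST01,System,System Integrity,,Success and Failure,
HOST01,System,Security State Change,,No Auditing,
HOST01,System,Process Creation,,No Auditing,
HOST01,System,Process Termination,,No Auditing,
HOST01,System,Directory Service Access,,Success,
HOST01,System,Kerberos Authentication Service,,Success and Failure,
"""


def check_audit_policy(report_csv, baseline=BASELINE):
    """Return a sorted list of (subcategory, expected, actual) deviations."""
    actual = {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        name = (row.get("Subcategory") or "").strip()
        if name:
            actual[name] = (row.get("Inclusion Setting") or "").strip()
    findings = []
    for name, expected in baseline.items():
        got = actual.get(name, "MISSING")  # absent row: compliance not provable
        if got.casefold() != expected.casefold():
            findings.append((name, expected, got))
    return sorted(findings)


if __name__ == "__main__":
    for name, expected, got in check_audit_policy(SAMPLE):
        print(f"DEVIATION {name}: expected {expected!r}, found {got!r}")
```

The check treats any difference as a deviation, including a host that audits more than the baseline, because the settings are not meant to be changed by the user.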

File System Layout Managed RHEL

| Filesystem | Function |
|---|---|
| / | Directory which contains the necessary files to boot the system |
| /boot | Directory for the static files of the bootloader |
| /home | Directory for user homes |
| /tmp | Directory for temporary files |
| /opt | Directory for additionally installable programs, mostly large packages or commercial software |
| /var/log | Directory for log files |
| /var/log/audit | Directory for auditing service log files |
| /usr/local | Directory for self-compiled programs |
| /opt/ds_agent | Directory for malware protection |