TOC & Recently Viewed

Recently Viewed Topics

AUDIT_POLICY

This policy item checks for the values defined in “Security Settings -> Local Policies -> Audit Policy”.

The check is performed by calling the function LsaQueryInformationPolicy with the level PolicyAuditEventsInformation.

Usage

<custom_item>

type: AUDIT_POLICY

description: ["description"]

value_type: [VALUE_TYPE]

value_data: [value]

(optional) check_type: [value]

audit_policy: [PASSWORD_POLICY_TYPE]

</custom_item>

This item uses the audit_policy field to describe which element of the password policy must be audited. The allowed types are:

  • AUDIT_ACCOUNT_LOGON (“Audit account logon events”)
  • AUDIT_ACCOUNT_MANAGER (“Audit account management”)
  • AUDIT_DIRECTORY_SERVICE_ACCESS (“Audit directory service access”)
  • AUDIT_LOGON (“Audit logon events”)
  • AUDIT_OBJECT_ACCESS (“Audit object access”)
  • AUDIT_POLICY_CHANGE (“Audit policy change”)
  • AUDIT_PRIVILEGE_USE (“Audit privilege use”)
  • AUDIT_DETAILED_TRACKING (“Audit process tracking”)
  • AUDIT_SYSTEM (“Audit system events”)

value_type: AUDIT_SET

value_data: "No auditing", "Success", "Failure", "Success, Failure"

Note: There is a required space in “Success, Failure”.

Example

<custom_item>

type: AUDIT_POLICY

description: "Audit policy change"

value_type: AUDIT_SET

value_data: "Failure"

audit_policy: AUDIT_POLICY_CHANGE

</custom_item>

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.