Audit Generation

C2-level security requirements specify that system administrators must be able to audit security-related events and that access to this audit data must be limited to authorized administrators. The Win32 API provides functions enabling an administrator to monitor security-related events.

The system access-control list (ACL) contains audit access-control entries (ACEs) for an object. An application can use the GetSecurityDescriptorSacl and SetSecurityDescriptorSacl functions to retrieve an existing system ACL or to set a new one. The AddAuditAccessAce function adds an ACE to a system ACL that causes the system to record specified access attempts in a security log. This security log can be read by using the Microsoft Windows Event Viewer (EVENTVWR.EXE), and can be manipulated by using the event-logging functions discussed in Event Logging. For more information about system ACLs, see Access-control Lists (ACLs).
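The following is an added example, not code from the original page: it does from PowerShell what the paragraph describes in Win32 terms, placing an audit ACE in a folder's SACL (the .NET System.Security.AccessControl wrappers stand in for AddAuditAccessAce and SetSecurityDescriptorSacl) and then reading the SACL and the resulting Security-log records back. It assumes an elevated session (reading or writing a SACL needs SeSecurityPrivilege) and uses C:\Secrets as a placeholder path.

```powershell
# Added example (not from the original page). Assumptions: run as an
# administrator; C:\Secrets is a placeholder folder; the "File System"
# object-access audit subcategory must be enabled or the SACL entry never
# produces a Security-log record.
$path = 'C:\Secrets'   # placeholder target, replace with the real folder

# Audit ACE: record every Write/Delete attempt by any member of Everyone,
# successful or failed, on this folder and everything beneath it.
$rule = [System.Security.AccessControl.FileSystemAuditRule]::new(
    'Everyone',
    [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles',
    [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AuditFlags]'Success, Failure')

# -Audit makes Get-Acl fetch the SACL as well as the DACL
# (the GetSecurityDescriptorSacl step on the page).
$acl = Get-Acl -Path $path -Audit
$acl.AddAuditRule($rule)          # equivalent of AddAuditAccessAce
Set-Acl -Path $path -AclObject $acl   # equivalent of SetSecurityDescriptorSacl

# Verify: list the audit ACEs now present in the SACL.
(Get-Acl -Path $path -Audit).Audit |
    Format-Table IdentityReference, FileSystemRights, AuditFlags, IsInherited

# A SACL is inert until the matching audit policy is on; enable the
# object-access subcategory for files and folders.
auditpol /set /subcategory:"File System" /success:enable /failure:enable

# The records land in the Security log, readable in Event Viewer or here
# (4663 = "An attempt was made to access an object").
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } -MaxEvents 5 |
    Select-Object TimeCreated, Id, Message
```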

An application can use the ObjectPrivilegeAuditAlarm function to generate audit and alarm messages whenever a process attempts to complete a privileged operation. The PrivilegedServiceAuditAlarm function generates audit and alarm messages whenever a process attempts to perform a privileged system-service operation.

The ObjectCloseAuditAlarm function generates audit messages when an object is deleted. The ObjectOpenAuditAlarm function generates audit messages when a process attempts to open or gain access to an object.